Wednesday, June 18th, 2008
"HTML forms (i.e. <form>) are one of the features in HTTP that allows users to send data to HTTP servers. An often overlooked feature is that due to the nature of HTTP, the web browser has no way of identifying between an HTTP server and one that is not an ...
Posted in Coding, Internet, Privacy, Security | No Comments
Saturday, June 14th, 2008
Cross-Site Scripting (XSS) is an attack that's pretty basic to detect, pretty basic in execution, and you'd think that it would be rather simple to understand. Unfortunately this is apparently not the case. I won't go into the details of Cross-Site Scripting because others have beat that to death - ...
Posted in Coding, Internet, Privacy, Security | 1 Comment
Thursday, June 12th, 2008
The websites of three of the security industry's best-known companies include security flaws that could be used to launch scams against customers, according to a new report.
The report, from security watchdog site XSSed, verified 30 cross-site scripting (XSS) vulnerabilities across the sites of McAfee, Symantec and VeriSign. The flaws could ...
Posted in Coding, Internet, Privacy, Security | No Comments
Monday, June 9th, 2008
Should they all be trusted at first sight by unsuspecting online users? Yes, unfortunately this is the case with the websites of renowned and respected IT security companies. However, now that are all vulnerable to cross-site scripting, the possibilities to get phished and infected with malware and crimeware are dramatically ...
Posted in Coding, General BS, Internet, Privacy, Security | No Comments
Sunday, June 8th, 2008
OK gang, this is one of those rare moments where feedback from community will directly influence a security feature that’ll make a real difference. First some background...
About 6 months ago Brandon Sterne left a cushy infosec position at eBay for Mozilla to solve an extremely important Web security problem he ...
Posted in Coding, Internet, Privacy, Security | No Comments