Archives for the Month of June, 2007

Javascript security

Same origin policy is outdated for modern attacks; I would like to see the browser manufacturers create new techniques for protecting users against attacks. My idea would be to create a browser JavaScript policy, stored on the web site, which lists the functions/objects that are allowed to be used. So by […]

OpenID security issues

Background: I contacted MyOpenID about a vulnerability I found with their system. I was really impressed with these guys; they responded to my email in a day and within 2 days they had fixed the problem. I decided to keep quiet about this vulnerability because many other providers contained a similar flaw and I worked […]

Safari same origin hole

Background: Whilst investigating same origin JavaScript policy with Ronald from, I found another vulnerability in Safari 3.02 beta on Windows; it could also work on OS X but I haven’t tested it. Normally I would have reported this to Apple before releasing the details; however, the last time I found a problem with Safari […]

Better passwords

Choosing a good password is hard work because of course they are easily forgotten; how can you overcome this? I’m sure a lot of you out there are aware of this technique, but in case you aren’t, here goes. “Silver monkeys die young.” Now in order for this to be effective, you must think of […]