It’s quite difficult to protect against CSRF because you are performing actions on the attackers behalf, there are a couple of things you can do to help protect against it and I shall explain a couple of methods here. Form tokens Form tokens can be used to make it more difficult for an attacker to […]

Ok I apologise for the cheesy title but it’s all that I could think of 🙂 a mate of mine asked me to do a post on how to protect your browser when you’re online so here goes. First off it’s impossible. That’s right impossible, you can’t make your browser 100% secure, all you can […]

Apple annoy me or rather their security attitude annoys me. I told them about a vulnerability months ago, I persisted and told them again. I got a generic reply from them saying:- ——————————– Hello, Thank you for filing this issue via Apple’s bug reporting system. Apple takes every report of a potential security problem very […]

This code was based on a CAPTCHA I wrote but it could be useful in other areas such as comment spam protection. The idea is that a few random code blocks are generated on the client and server side, so each language (PHP, Javascript) has the same code. For example:- num = 1330; for(i=0;i

I have reached the required comment level for my JSFuzzer, if you weren’t aware of my experiment it was simply to have people comment on my post before I released the source code [1]. I know it might sound silly but in fact it enables the project to attract attention and also humans by their […]

I’ve been reading sla.ckers quite a lot recently and I found a interesting topic on there were rsnake describes Firefox strange Javascript execution vectors which I wasn’t aware of. I thought I’d share them with everyone because I’m sure you’ll find them of interest. 1. First off there’s the double // which allows you to […]

Did you like my JS Fuzzer? If you did, then leave a comment here and when the site reaches 30 unique comments for this post I shall release the source code. You can then run it for as long as you want on your own server. Once the source code is released I shall be […]

I’ve be implementing some mod_rewrite tricks learnt from Ronald and I was trying to get them working on my 1and1 server. I’ve just finished a conversation with a tech guy at 1and1 and the it went something like this:- Me:Hi I’ve been trying to get a few mod_rewrite rules going on my server but I […]

I’ve rewrote my Javascript fuzzer to include more options, this one allows you to choose events, html attributes and various quote options. If you have any suggestions or attributes/events you would like me to include then please leave a comment. The fuzzer also now has the branding of my site that I recently redesigned. Update… […]

This is a strange one, I’ve no clue why IE7 does this but it appears to execute and echo javascript using multiple : Check it out: Echo javascript