Google fix vulnerability Well I have some good news to report about a vendor for a change, Google have been fantastic when I disclosed a vulnerability in Adsense to them. They were always in communication with me and keeping me informed of the status. They have also released a fix for the vulnerability in super […]
Archives for the Month of October, 2007
A bit of fun
Wednesday, 10 October 2007
The following “encrypted” text uses well known methods to obscure the data, my challenge to you is to decrypt the text. Comments will only appear if you have successfully left the correct answer. So see if you can be the first…. 38 35 120 50 53 59 38 35 120 51 53 59 38 35 […]
Injecting the script tag into XML
Tuesday, 9 October 2007
Firefox is now the browser I like hacking, there’s just so much stuff it can do. I simply don’t have enough time to explore everything, but what I have found was some very interesting XML behavior. I was helping Ronald a while back with a Firefox chrome security flaw and we discussed on slackers that […]
Safari vulnerability look before you leap
Sunday, 7 October 2007
I’m sick and tired with people commentating on my work without either knowing the details or having enough technical expertise to perform a simple test and read the URL bar. Here’s an example, now I’ve tried to promote my work by submitting to the many media sources and highlight Apple’s poor security attitude but it […]
iPhone Safari zero day
Wednesday, 3 October 2007
A friend of mine has just got himself a new iPhone and I asked him to test my Safari Zero day and what do you know, it works! LOL, it is now possible for any web site to read the contents of another web site when browsing the Internet with the iPhone. My original announcement:- […]
XSS attacks a practical example
Monday, 1 October 2007
I’ve been talking with Hackathology and he was having trouble understand the context of certain XSS attacks, so I decided to write him a quick PHP document which creates vulnerable variables and examples. The document has links which perform the injections on itself, I didn’t have IE handy to test so forgive me if the […]