I’m pleased to announce that I have recently joined Blogsecurity, which is fantastic news because I can work with some excellent people and develop free open source software which will help blogging security.
Wordpress Lockdown and WPIDS
We’ve already been working on a security plugin for Wordpress which combines my previously unreleased plugin WP Lockdown and [...]
Many developers design their system security based on what the software does; this is a mistake. You should always design a security system based on what your software might do. I’m quite surprised when people don’t understand this; I often think of potential scenarios and discuss flaws in a current implementation based on those [...]
Update…
Verisign have now fixed the vulnerability.
I’ve written about this before, but I’m sure that some people might not know the risks involved, so I’ve created a demonstration of how to use CSS and iframe overlays to take any section of a web site and place it on any other web site. The user wouldn’t [...]
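The clipping trick behind that demo, as an added example rather than the code from the original post: a container with `overflow: hidden` shows only a small window onto a framed page, and the iframe inside it is shifted by negative offsets so that the wanted region of the target lands in that window. The target URL, the region coordinates and the `framingAllowed` helper (which checks whether a page's response headers would stop it being framed at all) are my own assumptions for the example, not something the post describes.

```javascript
// Added example, not code from the original post. The URL and coordinates are
// made up; the placement logic is the generic CSS/iframe clipping technique.

// Styles for a `width` x `height` window onto the framed page, starting at
// (`left`, `top`) in that page's own layout.
function overlayStyles(region) {
  const { left, top, width, height } = region;
  const pageWidth = region.pageWidth || 1200;   // lay the target out at its normal width
  const pageHeight = region.pageHeight || 2000; // so its coordinates do not shift
  return {
    container: {
      position: "absolute",
      overflow: "hidden",              // clip everything outside the window
      width: `${width}px`,
      height: `${height}px`,
    },
    frame: {
      position: "absolute",
      border: "0",
      left: `${-left}px`,              // negative offsets drag the wanted region
      top: `${-top}px`,                // into the container's top-left corner
      width: `${pageWidth}px`,
      height: `${pageHeight}px`,
    },
  };
}

function toStyleAttr(style) {
  return Object.entries(style).map(([k, v]) => `${k}:${v}`).join(";");
}

// Markup for the overlay. The target URL is attribute-escaped so the demo page
// itself cannot be injected through it.
function buildOverlayHtml(targetUrl, region) {
  const s = overlayStyles(region);
  const esc = (str) =>
    String(str).replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;");
  return (
    `<div style="${toStyleAttr(s.container)}">` +
    `<iframe src="${esc(targetUrl)}" scrolling="no" style="${toStyleAttr(s.frame)}"></iframe>` +
    `</div>`
  );
}

// Would a page served with these response headers let `framerOrigin` frame it?
// A page that answers false here cannot be overlaid this way. CSP
// frame-ancestors wins over X-Frame-Options when both are present.
function framingAllowed(headers, pageOrigin, framerOrigin) {
  const lookup = (name) => {
    const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
    return key ? String(headers[key]) : "";
  };
  const fa = /(?:^|;)\s*frame-ancestors\s*([^;]*)/i.exec(lookup("content-security-policy"));
  if (fa) {
    const sources = fa[1].trim().toLowerCase().split(/\s+/).filter(Boolean)
      .map((src) => src.replace(/^'|'$/g, ""));
    if (sources.length === 0 || sources.includes("none")) return false;
    if (sources.includes("*")) return true;
    return sources.some((src) =>
      src === "self" ? pageOrigin === framerOrigin : src === framerOrigin);
  }
  const xfo = lookup("x-frame-options").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return pageOrigin === framerOrigin;
  return true; // no framing protection at all
}

// Constructed demo input: the "Confirm" button region of an imaginary form.
const demoRegion = { left: 420, top: 610, width: 120, height: 32 };
const demoHtml = buildOverlayHtml("https://victim.example/settings", demoRegion);
```

`demoHtml` is what you would drop into the hosting page; the victim page renders normally inside the hidden-overflow box, and only the 120x32 pixel patch at (420, 610) is visible. Run `framingAllowed` against a target's real headers first: a `frame-ancestors 'none'` or `X-Frame-Options: DENY` response is the reason a page cannot be borrowed like this.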
I was bored again and fancied creating something useful to easily convert between entities and the like. I was inspired by Mario’s excellent encoding tool, which I really like, but I wanted to be able to convert to unicode and use multiple strings at once. So I give you….
Hackvertor!!, which will allow you to use placeholders [...]
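To show what "convert between entities", "convert to unicode" and "multiple strings at once" amount to in code, here is a small converter of my own, added as an example and not Hackvertor's source. The `{{name:encoder}}` placeholder syntax, the encoder names and the sample template are assumptions for this example; they are not Hackvertor's real syntax.

```javascript
// Added example, not Hackvertor's code. Placeholder syntax and encoder names
// are my own for the demo.

// Encoders work per code point so characters outside the BMP are not split.
const encoders = {
  // "<" -> "&#60;"
  decimal: (str) => Array.from(str, (ch) => `&#${ch.codePointAt(0)};`).join(""),
  // "<" -> "&#x3c;"
  hex: (str) => Array.from(str, (ch) => `&#x${ch.codePointAt(0).toString(16)};`).join(""),
  // "<" -> "\u003c" (UTF-16 units, which is what JavaScript string literals take)
  unicode: (str) =>
    Array.from(str, (ch) => {
      const cp = ch.codePointAt(0);
      if (cp <= 0xffff) return "\\u" + cp.toString(16).padStart(4, "0");
      const hi = Math.floor((cp - 0x10000) / 0x400) + 0xd800;
      const lo = ((cp - 0x10000) % 0x400) + 0xdc00;
      return "\\u" + hi.toString(16) + "\\u" + lo.toString(16);
    }).join(""),
  none: (str) => str,
};

// The reverse direction: numeric entities plus the common named ones.
const named = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'" };
function decodeEntities(str) {
  return str.replace(/&#(x?)([0-9a-f]+);|&(amp|lt|gt|quot|apos);/gi, (m, isHex, digits, name) => {
    if (name) return named[name.toLowerCase()];
    const cp = parseInt(digits, isHex ? 16 : 10);
    return cp > 0x10ffff ? m : String.fromCodePoint(cp);
  });
}

// Fill every {{name}} or {{name:encoder}} placeholder in `template` from
// `values`, encoding each one; a placeholder with no encoder uses `fallback`.
// Several strings can therefore be converted, each its own way, in one pass.
function render(template, values, fallback = "decimal") {
  return template.replace(/\{\{\s*(\w+)(?:\s*:\s*(\w+))?\s*\}\}/g, (m, name, encName) => {
    if (!(name in values)) throw new Error(`no value for placeholder ${name}`);
    const enc = encoders[encName || fallback];
    if (!enc) throw new Error(`unknown encoder ${encName}`);
    return enc(values[name]);
  });
}

// Constructed sample: two strings converted differently inside one template.
const sampleTemplate = "<a href=\"{{url:hex}}\">{{text}}</a>";
const sampleOutput = render(sampleTemplate, { url: "javascript:alert(1)", text: "<b>hi</b>" });
```

`sampleOutput` carries the `href` as hex entities and the link text as decimal ones, and `decodeEntities(sampleOutput)` gives back the literal template with its values in place, which is the round trip you want when checking that a filter decodes what a browser decodes.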
I’ve finally taken the time to update my spam protection plugin for Wordpress. The original plugin worked well and stopped pretty much any automated spam, but I decided to update it because a few users were reporting problems on this site and other sites; for some reason it didn’t work with IE7. Rather than just [...]
I’ve decided to remove my feed from Planet PHP because of some small-minded commenters (Jani and David Rodger). I would like to thank everyone who has read my blog on the Planet PHP feed, and I hope I have provided some useful information. If you didn’t think I was relevant to Planet PHP you [...]
Introduction
I hope you found my posts on the Safari security holes interesting. In this post I’m going to try to explain how I think and how I managed to work out an exploit for Safari. This post will be unusual for me because generally I try to keep my writing short and sweet, but in [...]
I’ve been testing the PHPIDS after Sirdarckcat tempted me with his post. At first I created two simple vectors to make injection more difficult, then I spent a couple of hours coming up with a full tag and Javascript injection. I shall post the vector here once they have fixed it because it is [...]
I’ve put together a little CSK demo. It’s still early stages yet and there’s quite a bit more I can do, but I thought I’d share the code early because I’ve a lot on at the moment and it might be a while before the next update, and also it’s really interesting stuff.
It just [...]
I’m planning to release my Wordpress security plugin called “Wordpress Lockdown” soon, once I’ve done a full audit of the Wordpress code and completed other stuff. I have a few test users who are providing useful feedback all the time, but unfortunately the code isn’t ready to be used by the masses because of certain [...]