Human rights abuse in an OOP paradigm
Posted by zero
This article is a first attempt to formalize an instance of OneSelf. Provide a first approach on defining such a class and its attributes/methods. Provide a possible implementation of such an object and define usage restrictions and protection.
Such an approach could be (ab)used if we continue to fail to apply strong data confidentiality and true segregation of duties.
Controls within organizations and governments are not adequate. End user education regarding disclosure of personal data is also essential.
Remove http referrer bookmarklet and Safari5 extension
Posted by cirrus
Let's go through the creation of a bookmarklet that removes the http referrers from all links in a page. This has been tested in Safari and Firefox.
Bypassing Safari 5 XSS Auditor
Posted by cirrus
Safari 5 was released today and following IE8's move they decided to implement what they call XSS Auditor.
DirBuster Dictionary Populator
Posted by cirrus
Dirbuster and dirb are in the toolset of all web application security fans. Both tools are excellent (although I prefer dirb due to it being command line and not Java), but their results obviously depends on how good the wordlist you are using is.
Parliament.gr blocks search engines?
Posted by cirrus
I sometimes surf while using the Googlebot user-agent and often forget to switch back to the default Firefox user-agent.
iPhone applications that transmit credentials using “unsafe” protocols
Posted by cirrus
The iPhone SDK allowed for the creation of thousands of applications. However, some of these applications (probably more than I would like to admit), have not been coded with security in mind.
How to stop Google Analytics
Posted by cirrus
Yes I know google owns us, yes I know we are using analytics as well.
What you need:
- a web server
- place the two files in this file in the root of the web server
- edit your hosts file and add this entry (where xxx.xxx.xxx.xxx is the IP of your web server):
xxx.xxx.xxx.xxx www.google-analytics.com ssl.google-analytics.com
Now every time you visit an analytics-enabled page, the two files from your web server will be included, and all javascript will be executed properly, but google will not track you.
Show hidden fields bookmarklet
Posted by cirrus
Just a quick useful bookmarklet, that shows all the hidden fields in a page.
Just bookmark this:
Show hidden
Converting an exe file to vbs and back to exe
Posted by cirrus
It is often useful to be able to convert an exe file to a string which will be able to reproduce the exe file. This can be used in a variety of ways (send by email, from an SQL injection, etc.).
Windows simple backdooring
Posted by cirrus
I remember reading this ages ago, and a couple of weeks ago I decided to give it a try.
I was amazed to see not only that this works, but that it even works on Windows7. Granted you do need some extra steps to make this happen in the later.
Pages
Categories
Blogroll
Security Tweets
Wow súper thanks to the guys from Randomstorm for my new pfsense firewall http://yfrog.com/nc4wwj1 day ago from Twitter for iPhone
Yo dawg, xzibit herd you like telling time
.. http://twitpic.com/29tm6g1 day ago from Twitter for Android
RT @phoobar: @jeremiahg Enjoyed your talk confirms my paranoid suspicions that no good could come from autocomplete & passwd mgt. < thanks!1 day ago from TweetDeck
3rd post: "Patching auto-complete vulnerabilities not enough, Cookie Eviction to the rescue" http://bit.ly/afQgbQ1 day ago from TweetDeck