dns-brute.nse
I've always wondered why Nmap didn't have a DNS brute-forcing script. Some months ago I decided to have a look at the scripting engine, and make one.
Apple Ping Privacy Concerns
After the launch of the new iTunes and the brand new music social network, I decided while trying it, to check out the privacy settings, and what kind of HTTP requests are send.
SSH honeypot
I've been running an SSH honeypot for around a month now.
So let's have a look at the stats.
HackAri – HackBar for Safari
I've been using the excellent HackBar add-on for Firefox for some time now.
How hard can it be to disclose an XSS
Some time ago, I discovered an XSS in LinkedIn, and thought what the heck, let's report it.
I reported the XSS using the customer service center (couldn't find a security contact anywhere) on 25/Dec/2009.
Remove http referrer bookmarklet and Safari5 extension
Let's go through the creation of a bookmarklet that removes the http referrers from all links in a page. This has been tested in Safari and Firefox.
Bypassing Safari 5 XSS Auditor
Safari 5 was released today and following IE8's move they decided to implement what they call XSS Auditor.
DirBuster Dictionary Populator
Dirbuster and dirb are in the toolset of all web application security fans. Both tools are excellent (although I prefer dirb due to it being command line and not Java), but their results obviously depends on how good the wordlist you are using is.
iPhone applications that transmit credentials using “unsafe” protocols
The iPhone SDK allowed for the creation of thousands of applications. However, some of these applications (probably more than I would like to admit), have not been coded with security in mind.
How to stop Google Analytics
Yes I know google owns us, yes I know we are using analytics as well.
What you need:
- a web server
- place the two files in this file in the root of the web server
- edit your hosts file and add this entry (where xxx.xxx.xxx.xxx is the IP of your web server):
xxx.xxx.xxx.xxx www.google-analytics.com ssl.google-analytics.com
Now every time you visit an analytics-enabled page, the two files from your web server will be included, and all javascript will be executed properly, but google will not track you.