Some time ago, I discovered an XSS in LinkedIn, and thought what the heck, let's report it.
I reported the XSS using the customer service center (couldn't find a security contact anywhere) on 25/Dec/2009.
Wikileaks has released a document set called the Afgan War Diary, on July 25, 2010, an extraordinary compendium of over 91,000 reports covering the war in Afghanistan from 2004 to 2010. For more information visit http://wikileaks.org/wiki/Afghan_War_Diary,_2004-2010.
In this post I present this endless insane war in numbers. All numbers were taken from "Afgan War Diary" and manipulated using a MySQL database. It must be noted that 75.000 over 91.000 reports were released.
This article is a first attempt to formalize an instance of OneSelf. Provide a first approach on defining such a class and its attributes/methods. Provide a possible implementation of such an object and define usage restrictions and protection.
Such an approach could be (ab)used if we continue to fail to apply strong data confidentiality and true segregation of duties.
Controls within organizations and governments are not adequate. End user education regarding disclosure of personal data is also essential.
Let's go through the creation of a bookmarklet that removes the http referrers from all links in a page. This has been tested in Safari and Firefox.
Safari 5 was released today and following IE8's move they decided to implement what they call XSS Auditor.
Dirbuster and dirb are in the toolset of all web application security fans. Both tools are excellent (although I prefer dirb due to it being command line and not Java), but their results obviously depends on how good the wordlist you are using is.
The iPhone SDK allowed for the creation of thousands of applications. However, some of these applications (probably more than I would like to admit), have not been coded with security in mind.
Yes I know google owns us, yes I know we are using analytics as well.
What you need:
- a web server
- place the two files in this file in the root of the web server
- edit your hosts file and add this entry (where xxx.xxx.xxx.xxx is the IP of your web server):
xxx.xxx.xxx.xxx www.google-analytics.com ssl.google-analytics.com
Just a quick useful bookmarklet, that shows all the hidden fields in a page.
Just bookmark this:
It is often useful to be able to convert an exe file to a string which will be able to reproduce the exe file. This can be used in a variety of ways (send by email, from an SQL injection, etc.).