Archive / Web Security


Read the latest news and articles on internet security to stay up to date in this ever-changing field.

HTML Control Without Javascript.

In some cases users turn off Javascript for some security reasons. HTML has limited scripting, in fact it has almost zero scripting capabilities. Well, that is only true if one discards the FOR attribute on a label element, part of …

Masking Malware.

Over the weekend I thought about new ways in which someone can mask malware for the web. Today malware writers use a big chain of iframes and a mixture of code obfuscation to hide their malware from webmasters, surfers and …

Surf Jack.

I got into contact with Sandro from enablesecurity a couple of times before. But the last time I talked with him he gave a very interesting concept that I hadn't seen before. He called it: Surf Jacking, HTTPS will NOT …

Hacking The Large Hadron Collider.

Is anyone yet convinced why I don't trust that Large Hadron Collider? Should we be concerned? I think that's a healthy question. If DNS doesn't blow up the world as we know it, the Large Hadron Collider will. You might …

Exploiting Apache Tomcat.

You might have seen the new Apache Tomcat <= 6.0.18 vulnerability found by Simon Ryeo[1]. The vulnerability involved a problem in Tomcat with processing UTF-8 encoded URIs which resulted in directory traversal and canonicalization issues while mapping the paths. …

Hacking Fox.

This is just a walk in the park, really. Google's been on their servers before, due to some weird configuration setting. But well, it's nice to look a couple of months later to see what those foxtards actually did to …

Terminated.

Of course, I like movies and I like pranks. So what is better than having the best of both worlds? Guess who's back? Check this out for more. Source: OWASP News