
  • Multi Threaded Digital Rights Management

    After Sony’s DRM rootkit fiasco, I started thinking about the concept of threaded digital rights management. The concept is simple enough. Let’s say you have two computer programs. One is installed and working fine. Then a year or so later, you install a second one, and then suddenly the first...

  • Detecting Malice With ModSecurity

    Ryan Barnett has a new series he’s doing called Detecting Malice with ModSecurity that I wanted to spend a minute talking about. Firstly, it’s personally interesting, because he’s using the book and slicing and dicing a lot of the core ideas and figuring out how to implement them. But secondly,...

  • WordPress SEO CSRF

    Well, it’s with a bit of a saddened heart that in the first few minutes of checking through the WordPress code for CSRF I found my first vulnerability. I sat on it for a week or so until I had time to thoroughly test it, and sure enough, WordPress is...

  • Anti DNS Pinning Without Using a Firewall

    Kanatoko found a vulnerability in the DNS pinning used within modern web browsers that can be exploited by simply shutting down an open port. This is far easier than the previous technique of closing the connection using a firewall. Very tricky. Kanatoko also pointed to another issue disclosed on Bugzilla...

  • Example of an Old Gmail XSS Exploit on Android

    This post documents an XSS vulnerability that I discovered in the default Gmail app (v1.3) provided by Google in Android 2.1 and prior. All versions included in Android up to and including 2.1 seem to be affected, but the bug was unintentionally patched in Froyo (2.2) when Google updated the...