All Stories

Detecting Malice With ModSecurity

Ryan Barnett has a new series he’s doing called Detecting Malice with ModSecurity that I wanted to spend a minute talking about. Firstly, it’s personally interesting, because he’s usi...

In Jan 01, 2010

WordPress SEO CSRF

Well, it’s with a bit of a saddened heart that in the first few minutes of checking through the WordPress code for CSRF I found my first vulnerability. I sat on it for a week or so un...

In Jan 01, 2010

Anti DNS Pinning Without Using a Firewall

Kanatoko found a vulnerability in the DNS pinning used within modern web browsers that can be exploited by simply shutting down an open port. This is far easier than the previous tec...

In Jan 01, 2010

Example of an Old Gmail XSS Exploit on Android

This post documents an XSS vulnerability that I discovered in the default Gmail app (v1.3) provided by Google in Android 2.1 and prior. All versions included in Android up to and incl...

In Jan 01, 2010

FireSheep Reviews

I go back and forth on whether I think FireSheep is interesting or not. Clearly, it’s old technology re-hashed. But it is interesting not because it works, but that it surprises peopl...

In Jan 01, 2010

APWG and OpenDNS

After reading a comment by David Ulevitch on a post by Dragos Lungu I was pretty interested in reading a new press release from OpenDNS on how they are “partnering” with the anti phis...

In Jan 01, 2010

Detecting Privoxy Users and Circumventing It

TOR is a pretty cool idea. It’s partially a rip off of a very old project that I helped out with in its inception with a bit of peer to peer built on top of it to help with anonymiza...

In Apr 20, 2009

Robots.txt Just Isn’t Working For Me

Dear Search Engines,

In Jan 01, 2009

IP Camera Control Protocol is Not Safe

When I first started on this post, I intended to write about some fun things one can do with a $30 Rosewill IP camera (RXS-3211). While I still intend to do this in the near future, I...

In Jan 01, 2009

Sergio Proxy

So after a ridiculously long period of procrastination, I finally got around to updating Sergio Proxy to make it remotely usable. I was never very happy with how the initial code turn...

In Jan 01, 2009
