Anti DNS Pinning Without Using a Firewall

Kanatoko found a vulnerability in the DNS pinning used within modern web browsers that can be exploited by simply shutting down an open port. This is far easier than the previous tec...

In Jan 01, 2010

Example of an Old Gmail XSS Exploit on Android

This post documents an XSS vulnerability that I discovered in the default Gmail app (v1.3) provided by Google in Android 2.1 and prior. All versions included in Android up to and incl...

In Jan 01, 2010

FireSheep Reviews

I go back and forth on whether I think FireSheep is interesting or not. Clearly, it’s old technology re-hashed. But it is interesting not because it works, but that it surprises peopl...

In Jan 01, 2010

APWG and OpenDNS

After reading a comment by David Ulevitch on a post by Dragos Lungu I was pretty interested in reading a new press release from OpenDNS on how they are “partnering” with the anti phis...

In Jan 01, 2010

Detecting Privoxy Users and Circumventing It

TOR is a pretty cool idea. It’s partially a rip off of a very old project that I helped out with in its inception with a bit of peer to peer built on top of it to help with anonymiza...

In Apr 20, 2009

Robots.txt Just Isn’t Working For Me

Dear Search Engines,

In Jan 01, 2009

IP Camera Control Protocol is Not Safe

When I first started on this post, I intended to write about some fun things one can do with a $30 Rosewill IP camera (RXS-3211). While I still intend to do this in the near future, I...

In Jan 01, 2009

Sergio Proxy

So after a ridiculously long period of procrastination, I finally got around to updating Sergio Proxy to make it remotely usable. I was never very happy with how the initial code turn...

In Jan 01, 2009

JavaScript Port Scanners

In case you were living in a cave the last few days or aren’t subscribed to any of the security mailing lists out there, you probably already have seen these links but I’m putting the...

In May 05, 2007

Is XSS Good For SEO?

There’s an interesting post over at Venture Skills blog talking about if XSS is actually good for SEO purposes. While I don’t have any conclusive evidence that he is wrong or right (a...

In May 01, 2007


