All Stories
Anti DNS Pinning Without Using a Firewall
Kanatoko found a vulnerability in the DNS pinning used withing modern web browsers that can be exploited by simply shutting down an open port. This is far easier than the previous tec...
In Jan 01, 2010Example of an Old Gmail XSS Exploit on Android
This post documents an XSS vulnerability that I discovered in the default Gmail app (v1.3) provided by Google in Android 2.1 and prior. All versions included in Android up to and incl...
In Jan 01, 2010FireSheep Reviews
I go back and forth on whether I think FireSheep is interesting or not. Clearly, it’s old technology re-hashed. But it is interesting not because it works, but that it surprises peopl...
In Jan 01, 2010APWG and OpenDNS
After reading a comment by David Ulevitch on a post by Dragos Lungu I was pretty interested in reading a new press release from OpenDNS on how they are “partnering” with the anti phis...
In Jan 01, 2010Detecting Privoxy Users and Circumventing It
TOR is a pretty cool idea. It’s partially a rip off of a very old project that I helped out with in it’s inception with a bit of peer to peer built on top of it to help with anonymiza...
In Apr 20, 2009IP Camera Control Protocol is Not Safe
When I first started on this post, I intended to write about some fun things one can do with a $30 Rosewill IP camera (RXS-3211). While I still intend to do this in the near future, I...
In Jan 01, 2009Sergio Proxy
So after a ridiculously long period of procrastination, I finally got around to updating Sergio Proxy to make it remotely usable. I was never very happy with how the initial code turn...
In Jan 01, 2009JavaScript Port Scanners
In case you were living in a cave the last few days or aren’t subscribed to any of the security mailing lists out there, you probably already have seen these links but I’m putting the...
In May 05, 2007Is XSS Good For SEO?
There’s an interesting post over at Venture Skills blog talking about if XSS is actually good for SEO purposes. While I don’t have any conclusive evidence that he is wrong or right (a...
In May 01, 2007Ads
Bypass Geo-Blocking With PureVPN.