Archive for January, 2007

Technika Released

Well, it’s finally happened: pdp released the first version of Technika!
In a nutshell, Technika is like a “security distribution of Linux” originating from GreaseMonkey. Although the original code was based on GreaseMonkey, pdp had a bad night where he couldn’t sleep and decided to completely re-write most of the original GM functions – nutcase :)
I [...]


News, News!

I know it’s been around 2 weeks since my last post but I have been involved in some really cool research and development with pdp (architect).

What’s coming:
We will be releasing “Technika”. What is it? You will have to wait and see…

I will also be updating the XSS MindMap project for those who found this useful, [...]


Same Origin Gets half-broken

Anurag Agarwal released a really interesting paper discussing a technique to break the browser same origin restriction.

This reminded me of my “JavaScript External Scanner” technique, where we use “script src=” and DHTML to request remote .js files for fingerprinting and port scanning. Anurag has taken this a step further.

The attack is fairly simple. We use [...]


DOM Race Conditions

It is interesting to note, when playing with the onUnload event handler, that both Firefox and IE make requests and retrieve responses whilst the DOM is still set on the previous domain.

This got me toying with the idea of a timing attack to bypass the same-origin policy. The basic idea behind this attack is utilising [...]


WordPress Securify

WordPress Securify Plugin (WPSec)
Table of Contents:
Introduction
Installation
Development Documentation
Download

Introduction

WordPress has become one of the most popular open source blogging software packages on the net. One of the reasons for its popularity is its powerful plugin API.

WordPress Securify (WPSec) is a security plugin for WordPress. Every hour the tests specified within WPSec will be executed. A count [...]