Papers
XSS for Fun and Profit
Ad-Jacking part 1
Ad-Jacking is a term I coined for this article to categorise covert Ad hacking schemes. Why Ad-Jacking, well because thats effectively what we are doing.
Understanding this paper requires us to have a little understanding around
what types of Ads make us money. So firstly let us go over the current Ad
system; the following table [...]
Writing Secure WordPress Plugins
Title: Writing Secure WordPress Plugins (part 1)
Author: David Kierznowski
Site: Operation n
Date: 17 May 2007
Table of Contents
Introduction
attribute_escape
wp_nonce
Summary
References
Introduction
WordPress has become one of the most popular blogging packages on the Internet; this is largely due to its ease of use and its object oriented design which allows the user to easily extend its capabilities in the form of [...]
Hotlinks and Persistent CSRF
[Hotlinking] is the placing of a linked object, often an image, from one site into a web page belonging to a second site. The second site is said to have an inline link to the site where the object is located. Inline linking is also known as hotlinking, leeching, direct linking or bandwidth theft – [...]
Trusted Browser Security Model
This paper includes some of my thoughts (’request for comments’) regarding minimizing the affects of client-side related browser attacks using the Trusted Computing Solution. It includes some of my initial thoughts.
Restrictions & Limitations: The semantic web is a security nightmare and certainly will not agree with these ideas. Right lets get on with it..brainstorming…
As always [...]
Backdooring the Web 1
Is it just me or is it cold in the security room? Has anyone noticed that the security community is having a hard time letting go of “traditional” vulnerabilities and welcoming the new? I am not saying that *Overflows, Format String vuls etc are finished, in fact I think they will be around for some [...]
