Archive for February 2007
of the browser. Probably because the browser gets updated and the site is
using the visited: CSS if you visit it in once instance. Anyways, interesting stuff. Don’t forget to get the XSS book tomorrow!
Also, I’ve set up a new forum on one of my spare machines.
It’s not particularly secure right now as it’s using Debian packages. They tend to be a little out of date. But at least it’s stable. I’ll be making semi-regular backups, so it won’t be a huge issue if it’s hacked. Assuming your DNS updated by the time you read this, it should be at Kyran.ca. You’ll probably also notice the banner on the right. Yup. Easier sign-up for e-mails @kyran.ca
There was an article going around on a few sites today about Acunetix stating that 70% of websites are at immediate risk of being breached. Soon after, Joe Snyder not only disputed this claim, but bet Acunetix 1000$ they couldn’t compromise 3 out of 10 sites. I could use a thousand bucks and I bet even randomly selected I could get at least 5 out of 10 sites. RSnake wrote a post with a bit more info.
Also, Iwatsu selected Opera for use in their new VoIP phone. From the press release,
PRECOT (Premium Communication Tool) is a next generation solution over a broadband IP connection for the enterprise market. With Opera, PRECOT users can access Web mail or any Web page from the convenience of their screen phones.
It will also have phone to tag support, which basically turns any numbers formatted like a phone number into a link, when it’s clicked the phone will call it. Pretty nifty stuff.
Too bad I dislike phones.
I just wrote a paper exclusively for SudoLabs.com. It’s about the worm I wrote targeting GaiaOnline.com,
aptly named “gaiaworm”. This is the third version of the worm and the first time I’ve ever really written a paper.
Edit 1 – If you link to the paper, link to the blog post instead. I will be updating with links to who has published it as well as other updates. Thanks.
Edit – XSSed.com now has a copy of it. View it here.
— Edit 3, Apparently SudoLabs forums are dead for now. View the XSSed.com copy above!
Soon I’ll be releasing a small paper to Sudolabs.com and XSSED.com
Keep an eye out.
I figured this would happen for awhile, then he told us he was working on it, but here it finally is!
RSnake(a.k.a. Robert Hansen) has literally written the book on XSS. Well, he is a contributer as well as Seth Fogie, Jeremiah Grossman and Anton Rager. I’m really excited about this. According to the Amazon.com description, it covers the basics as well as some of the more bleeding-edge stuff. It’s set to release March 1, 2007.
You should go pre-order it now. I know I’ll be picking this up.