Ugens udflugt... | Random Pseudo Permutations

My first rickroll

By paranoid March 31, 2011 security No Comments

Every time I find an XSS I always save it in Delicious. The other night I did the same but something was different. The “save bookmarks” dialogue looked a little…

Day 27: Cross-site scripting vulnerability at hulu.com

By paranoid February 28, 2011 security No Comments

Like any good security vulnerability this one starts with a good friend suggesting a link, this time a tv-show on Hulu. Since it’s XSS awareness month my attention immediately went…

Day 24: Cross-site scripting vulnerability (XSS) at .apple.com

By paranoid February 25, 2011 security No Comments

Powerful big companies or tiny small startups, we are all e potentially vulnerable to cross-site scripting attacks. I recently notified Bagcheck about an XSS. 7mins after the notification I received…

Day 19: Cross-site scripting vulnerability at netflix.com

By paranoid February 19, 2011 security, Ævl No Comments

Doing a little research before a movie night I was looking thru the Netflix movie database. I couldn’t really decide which movie to watch, so I looked for completely unrelated…

Day 7 and 8: Safer Internet Day

By paranoid February 9, 2011 Ævl No Comments

Earlier this week I was made aware that everybody in Denmark got a copy of the “Net Sikker Nu” magazine. It’s part of a yearly campaign to educate users how…

Day 6: Why can’t you fix an XSS in less than a week?

By paranoid February 7, 2011 security 3 Comments

In Day 4 and the first success I wrote about how Yubico.com responded and fixed the vulnerability I found in their web site. I have had other site owners respond…

Day 5: The most popular vulnerabilities

By paranoid February 6, 2011 security 2 Comments

Vulnerability statistics When I started this research I had no idea what I was looking for I just did it for the thrill of discovery or fun. After a while…

Day 4 and the first success

By paranoid February 5, 2011 security 1 Comment

I had 211 XSS when I started writing this series of blog posts, the total as of writing this post is 237. These vulnerabilities are so ubiquitous that I will…

Obligations

By paranoid February 4, 2011 security 2 Comments

Due to a bad cold I was not able to post anything yesterday. Rest assured that you will not miss any of the daily letters nor any of the TLDs.…

Cross-site scripting awareness month

By paranoid February 2, 2011 Ævl No Comments

I am going to declare February my personal Cross-site scripting (XSS) awareness month. It’s short enough that writing a post every day is manageable. Although I have no detailed plan…

« Previous