Comments on: 6th OWASP Conference

By: Attacking Password Recovery Facilities | ::: Dz Geniuses Team :::

Attacking Password Recovery Facilities | ::: Dz Geniuses Team ::: — Mon, 16 Feb 2009 09:30:20 +0000

[...] services to facilitate the process of extracting information even more. I recommend checking out pdp’s research on this [...]

By: Yahoo Site Explorer Spider | GNUCITIZEN

Yahoo Site Explorer Spider | GNUCITIZEN — Wed, 28 Jan 2009 13:45:17 +0000

[...] I’ve being talking about client-side spiders for quite some time now over here and here and I even came up with POC based on Yahoo Pipes for my OWASP presentation on Advanced Web Hacking Reveled, which you can find over there. [...]

By: Yahoo Pipes becomes Mage Powerful | GNUCITIZEN

Yahoo Pipes becomes Mage Powerful | GNUCITIZEN — Mon, 13 Aug 2007 22:48:15 +0000

[...] and can enable JavaScript to do things that where hardly imaginable a couple of year ago. I discussed most of these security aspects in my talk at this year OWASP in Italy and also come up with several [...]

By: pdp

pdp — Sun, 15 Jul 2007 20:03:01 +0000

Due to the fact that Yahoo is constantly changing their services, you might not be able to successfully execute this POC. At the time of publishing, the POC was working successfully.

By: XSSDB Elite | GNUCITIZEN

XSSDB Elite | GNUCITIZEN — Sun, 08 Jul 2007 19:22:45 +0000

[...] why I targeted this website in particular in my research on hacking Web2.0 services/applications (Advanced Web Hacking Revealed), presented at OWASP, Italy 2007. During the conference, I discussed how attackers can use Dapper [...]

By: Attacking Password Recovery Facilities | GNUCITIZEN

Attacking Password Recovery Facilities | GNUCITIZEN — Fri, 06 Jul 2007 08:58:31 +0000

[...] services to facilitate the process of extracting information even more. I recommend checking out pdp’s research on this [...]

By: GNUCITIZEN » Google Hacking Database

GNUCITIZEN » Google Hacking Database — Mon, 21 May 2007 13:24:52 +0000

[...] demonstration materials from my OWASP talk or read the follow up post over here. » launch | » trackback | » digg it | bookmark it with » del.icio.us | written by »pdp [...]

By: pdp

pdp — Sun, 20 May 2007 07:55:08 +0000

yes, it is possible and very probable that it will happen!

By: MacGyveR

MacGyveR — Sat, 19 May 2007 13:51:10 +0000

Have you thought of implementing redundancy on the tinyFS by using other such services in a type of software raid manner. striping or mirroring could be done here, giving potenial worms etc. a fallback if one service blocks them.

By: pdp

pdp — Fri, 18 May 2007 07:36:14 +0000

Unfortunately, PIPEs is down again. I suspect Yahoo has some serious problems. I have never seen anything like that before.

By: pdp

pdp — Thu, 17 May 2007 20:00:33 +0000

To me, the Web is one gigantic operating system with hundreds of APIs and syscalls. The browser is our shell from where we can access the WebOS features. TinyURL, although just URL shrinking service, can be used as a storage mechanism as you pointed out long time ago. However, I seriously doubt that no one has thought that this functionality will be available to JavaScript as well. Similar types of setups can significantly increase the attack surface of web based malware written entirely in JavaScript.

By: Acidus

Acidus — Thu, 17 May 2007 19:49:19 +0000

HAHA! That’s awesome! I did some work against TinyURL a year or so back with TinyDisk (http://www.msblabs.org/tinydisk). Glad to see someone else using it as a data storage system!

Go pdp!

By: pdp

pdp — Thu, 17 May 2007 19:28:56 +0000

Yahoo PIPEs is back. POCs work.

By: pdp

pdp — Thu, 17 May 2007 12:41:22 +0000

Yahoo PIPEs is down for now. Give Yahoo some time to fix the mess, then try the POCs.