Comments on: Google AJAX Feed API Dangers http://www.gnucitizen.org/blog/google-ajax-feed-api-dangers/ Information Security Think Tank Tue, 06 Jan 2009 05:51:22 +0000 http://wordpress.org/?v=2.7 hourly 1 By: Kishor http://www.gnucitizen.org/blog/google-ajax-feed-api-dangers/comment-page-1/#comment-16702 Kishor Wed, 25 Apr 2007 12:56:32 +0000 http://www.gnucitizen.org/blog/google-ajax-feed-api-dangers#comment-16702 I can't wait any longer to see what you present at OWASP con. But I live faaar away from Italy, and therefore a video would help! Otherwise I'm sure you'll share it in some other form anyway. I can’t wait any longer to see what you present at OWASP con.

But I live faaar away from Italy, and therefore a video would help!

Otherwise I’m sure you’ll share it in some other form anyway.

]]> By: pdp http://www.gnucitizen.org/blog/google-ajax-feed-api-dangers/comment-page-1/#comment-16645 pdp Wed, 25 Apr 2007 10:22:22 +0000 http://www.gnucitizen.org/blog/google-ajax-feed-api-dangers#comment-16645 you are telling me that... :) wait for the OWASP con. I have some really good stuff for it. you are telling me that… :) wait for the OWASP con. I have some really good stuff for it.

]]> By: Kishor http://www.gnucitizen.org/blog/google-ajax-feed-api-dangers/comment-page-1/#comment-16615 Kishor Wed, 25 Apr 2007 09:02:49 +0000 http://www.gnucitizen.org/blog/google-ajax-feed-api-dangers#comment-16615 One thing is for sure. Now we can have thousands of web pages subscribing to http://sla.ckers.org/forum/rss.php http://www.securityfocus.com/rss/vulnerabilities.xml etc. And along with google search API, they can exploit sites as soon as the advisories are released. One thing is for sure. Now we can have thousands of web pages subscribing to
http://sla.ckers.org/forum/rss.php
http://www.securityfocus.com/r.....lities.xml
etc.

And along with google search API, they can exploit sites as soon as the advisories are released.

]]> By: pdp http://www.gnucitizen.org/blog/google-ajax-feed-api-dangers/comment-page-1/#comment-15657 pdp Mon, 23 Apr 2007 08:40:25 +0000 http://www.gnucitizen.org/blog/google-ajax-feed-api-dangers#comment-15657 MustLive, actually I am actively taking part in the "Public site vulnerability research" panel so I will try present my point of view. I think that OWASP does a good job at exposing what has been discussed on their conferences. However, If the miss something I most definitely put it on GNUCITIZEN. MustLive, actually I am actively taking part in the “Public site vulnerability research” panel so I will try present my point of view.

I think that OWASP does a good job at exposing what has been discussed on their conferences. However, If the miss something I most definitely put it on GNUCITIZEN.

]]> By: MustLive http://www.gnucitizen.org/blog/google-ajax-feed-api-dangers/comment-page-1/#comment-15337 MustLive Sun, 22 Apr 2007 01:35:26 +0000 http://www.gnucitizen.org/blog/google-ajax-feed-api-dangers#comment-15337 Google AJAX Feed API is nice. And yes, it has dangers :-). The security aspects of this are obvious. And you remember about it for web community once more (it is necessary to remember periodically about danger of some things to people). Circumventing of SOP especially. In some case SOP need to be circumvented (for hackers). P.S. You can talk about the legal side of disclosing bugs at conference, if you are going to. But you need to incline that it is legal and good ;-). Disclosure policy need to be considered, but in any case it is for good purposes. Google AJAX Feed API is nice. And yes, it has dangers :-). The security aspects of this are obvious.

And you remember about it for web community once more (it is necessary to remember periodically about danger of some things to people). Circumventing of SOP especially. In some case SOP need to be circumvented (for hackers).

P.S.

You can talk about the legal side of disclosing bugs at conference, if you are going to. But you need to incline that it is legal and good ;-). Disclosure policy need to be considered, but in any case it is for good purposes.

]]> By: MustLive http://www.gnucitizen.org/blog/google-ajax-feed-api-dangers/comment-page-1/#comment-15334 MustLive Sun, 22 Apr 2007 01:24:31 +0000 http://www.gnucitizen.org/blog/google-ajax-feed-api-dangers#comment-15334 The 6th OWASP Conference will be nice event and it is good that you will be there and take part in conference. Pdp, please, think about writing summary about OWASP Conference. You may write brief info about whole conference (what was the most interesting and what do you liked more) and write detailed info about your speech (Advance Web Hacking Revealed) and your last projects. Also there are some other nice topics: * Panel: "Public site vulnerability research - good or evil?” (for good ;-) ) * Protecting Web Applications from Universal PDF XSS: A discussion of how weird the web application security world has become (UXSS is a hot topic) * Testing Flash Applications: A new attack vector for XSS and XSFlashing (it will be simultaneously with your speech) About these topics you may write additional posts (with more details than just in brief post). I think there will be a lot of interesting information on conference. The 6th OWASP Conference will be nice event and it is good that you will be there and take part in conference.

Pdp, please, think about writing summary about OWASP Conference. You may write brief info about whole conference (what was the most interesting and what do you liked more) and write detailed info about your speech (Advance Web Hacking Revealed) and your last projects.

Also there are some other nice topics:
* Panel: “Public site vulnerability research - good or evil?” (for good ;-) )
* Protecting Web Applications from Universal PDF XSS: A discussion of how weird the web application security world has become (UXSS is a hot topic)
* Testing Flash Applications: A new attack vector for XSS and XSFlashing (it will be simultaneously with your speech)

About these topics you may write additional posts (with more details than just in brief post). I think there will be a lot of interesting information on conference.

]]> By: GNUCITIZEN » TinyURL FS among Other Things http://www.gnucitizen.org/blog/google-ajax-feed-api-dangers/comment-page-1/#comment-15047 GNUCITIZEN » TinyURL FS among Other Things Fri, 20 Apr 2007 11:36:17 +0000 http://www.gnucitizen.org/blog/google-ajax-feed-api-dangers#comment-15047 [...] I guess I repeat myself but I wanted to inform you one more time about the current state of my public research. As I mentioned in my previous post, I am doing a talk on 6th OWASP conference about too many interesting things. I am not planning to talk on BlackHast or Defcon because I will be extremely busy at the time when they take place, so I will try to get out as mush information in a form of podcasts, screencasts and blog posts after OWASP. [...] [...] I guess I repeat myself but I wanted to inform you one more time about the current state of my public research. As I mentioned in my previous post, I am doing a talk on 6th OWASP conference about too many interesting things. I am not planning to talk on BlackHast or Defcon because I will be extremely busy at the time when they take place, so I will try to get out as mush information in a form of podcasts, screencasts and blog posts after OWASP. [...]

]]>