U R Insecure – how URI exploits are changing the webappsec landscape

This article is about the recent activities and research that have been undertaken around URI handler implementations in modern browsers. It is also about the tremendous security problems that were discovered as a result, and about the ways application developers can protect their users from the rising threat.

Once upon a time…

Browsers have had URI handling features for quite some time now. [...]


Ad-Jacking – XSSing for Fun and Profit

How to XSS is often the topic of conversation among security professionals; however, the reason or motivation for why an attacker might want to exploit an XSS vulnerability is often limited to stealing cookies or hijacking credentials. This post takes an almost sensationalist point of view as we take you on a journey to a possible Web 2.0 XSS worm armed with an Ad-Jacking payload; an attack I introduced a short time ago. [...]
