I thought that this would be interesting to some of you. This is what GNUCITIZEN looked like back in 2005, when it was just a personal website rather than a group of like-minded people as it is today.

It is quite nice to look back and see how things progressed over the years.

Noscript HScan

After releasing my Firefox-specific history scanner, RSnake came up with his own bleeding-edge history scanning technique, which is based on Jeremiah Grossman’s implementation but does not require JavaScript. This approach has its own limitations and advantages.

On the advantages side, you don’t really need JavaScript to steal the victim’s browser history anymore. [...]

HScan Redux

Inspired by Michal Zalewski’s recent Firefox bug hunt, I decided to give it a go and see what I can come up with. We all know how vulnerable Firefox and other browsers are. This is the reason why I am not particularly interested in finding specific browser bugs.

This vulnerability is not a reworked version of Jeremiah Grossman’s history hack. It is completely different and it should be treated as a new issue. [...]

