One of the biggest problems with PHP is certainly register_globals. Once GLOBALS are registered, you are in for a ton of trouble. Today I want to discuss unregistered variables that can be set through register_globals in another method of which … Continue reading →

You probably noticed that in my last posts I went on writing about simple attack vectors and HTML features which aren't discussed very much. While it isn't high-tech material, it can be useful in any attackers toolbox for the reason … Continue reading →

UI redressing or clickjacking has gotten a lot of attention lately, and for a good reason because it's quite malicious. If you thought it stopped at enabling webcam and microphone access, your wrong. The Adobe settings manager which is ironically … Continue reading →

Recently I discussed the general problems of objects and it's context in which they maybe behave like IFRAMES. Strictly speaking HTML's multimedia features allow the OBJECT HTML to include images, iframes, applets, and other rich content like Flash and movie … Continue reading →

Recently I discussed the general problems of objects and it's context in which they maybe behave like IFRAMES. Strictly speaking HTML's multimedia features allow the OBJECT HTML to include images, iframes, applets and other rich content like Flash. Previously HTML … Continue reading →

Writing about hacking and security isn't like anything else. It's cool and depressing, fun and dangerous at the same time. You'll never know what to expect. That's the beauty of it I guess. Since application hacking is quite well known … Continue reading →

Is anyone yet convinced why I don't trust that Large Hadron Collider? should we be concerned? I think that's a healthy question. If DNS doesn't blow up the world as we know it, the Large Hadron Collider will. You might … Continue reading →

In some cases users turn off Javascript for some security reasons. HTML has limited scripting, in fact it has almost zero scripting capabilities. Well, that is only true if one discards the FOR attribute on a label element, part of … Continue reading →

When MSIE8 beta 2 launched a few days ago, I took it for a little spin to see if it puts up what it says it does. I'm actually quite happy and surprised with the XSS filter, but one thing … Continue reading →

So I had a little fun with my new soundboard I created, starring the famous Dan Kaminski. Yes the DNS dude, for those who don't know him. A soundboard is used for making prank phone calls, which in terms can … Continue reading →