Wednesday March 16, 2011
Twitter add an option to force HTTPS.
Thursday February 10, 2011
The best developer / OAuth docs ever. Wow.
Thursday January 27, 2011
Very very cunning, not disimilar than the CSS :visited hack, but a bit easier. Tempted to use this.
Tuesday January 25, 2011
"...a look at how someone in Tunisia (assumption is the government) was stealing usernames and passwords from common sites like Google Mail and Facebook."
Thursday December 23, 2010
Stolen desktop gets tracked down with by the owner, using a variety of tools to find the thief and recover the machine.
Monday December 20, 2010
A proof-of-concept browser-based DDOS too. A malicious URL-shortener that uses iframes, web workers & cross domain requests to DDOS a secret target.
Tuesday December 7, 2010
"This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application"
Sunday November 28, 2010
A very clever hack, even if the scenario is pretty unlikely. Especially the tricks to reduce the number of hash calculations required.
Wednesday November 24, 2010
"In order to enter the USA, I was never touched, I was never “Backscatted,” and I was never metal detected. In the end, it took 2.5 hours, but I proved that it is possible."
Saturday November 13, 2010
"However, we can now confirm that Stuxnet requires the industrial control system to have frequency converter drives from at least one of two specific vendors, one headquartered in Finland and the other in Tehran, Iran" Wowzers. Chalk up another point for "living in a cyberpunk novel"
Wednesday October 27, 2010
Thoughts on it's sudden popularity throwing new light on an old problem. We're also starting to see some sites push out fixes.