14 Oct 2010

Firefox Addons for Penetration/XSS Testing

2010 was supposed to be the year of the Tiger, but it’s felt more like the year of Pwny so far. This article covers some Firefox add-ons that help you test your own apps, whether you’re working with a penetration tester or, by default, you are the penetration tester.

29 Aug 2010

Hate Facebook Games? Turn Off the API

I spend a lot of time complaining about Facebook, and warning people about Facebook’s less-than-ethical privacy changes over the past year. While turning off the API altogether probably isn’t for everyone, it is possible.

25 Jan 2010

When Your WordPress Blog Gets Hacked

It happens to most bloggers at some point – your WordPress blog gets pwned, and you’re not sure where to even start. I’ve gone through this process enough times, helping friends restore their blogs after a hack, that it seemed like it might be helpful if I wrote an article

03 Nov 2009

Web 2-Point-Owned: Apple.Com’s XSS Exploit

Earlier today, we got a glimpse of what happens when a big company forgets to cross their t’s and dot their i’s. And in programming, that means failing to validate user-entered data before displaying it on-screen.

25 May 2009

New Facebook Phishing Attempts

Looks like a new round of phishing attacks is well underway, targeting Facebook users. There are a few going around, and they seem to work slightly differently (although same principle) to the previous round of virus/phishing attacks from last year, featuring the Bolivar23.exe virus and the Koobface virus.

07 Nov 2008

Facebook and MySpace Users, Beware!

I have received two virus emails from two unrelated friends, indicating their accounts have been compromised. The messages are being sent through Facebook and both have had a spammy-sounding subject line and a link to a GeoCities website. This was suspicious enough, but the fact that one message came
