14 Oct 2010

Firefox Addons for Penetration/XSS Testing

2010 was supposed to be the year of the Tiger, but it’s felt more like the year of Pwny so far. This article covers some Firefox add-ons that help you test your own apps, whether you’re working with a penetration tester or, by default, you are the penetration tester.

29 Aug 2010

Hate Facebook Games? Turn Off the API

I spend a lot of time complaining about Facebook, and warning people about Facebook’s less-than-ethical privacy changes over the past year. While turning off the API altogether probably isn’t for everyone, it is possible.

25 Jan 2010

When Your WordPress Blog Gets Hacked

It happens to most bloggers at some point – your WordPress blog gets pwned, and you’re not sure where to even start. I’ve gone through this process enough times, helping friends restore their blogs after a hack, that it seemed like it might be helpful if I wrote an article

03 Nov 2009

Web 2-Point-Owned: Apple.Com’s XSS Exploit

Earlier today, we got a glimpse of what happens when a big company forgets to cross their t’s and dot their i’s. And in programming, that means failing to validate user-entered data before displaying it on-screen.

25 May 2009

New Facebook Phishing Attempts

Looks like a new round of phishing attacks is well underway, targeting Facebook users. There are a few going around, and they seem to work slightly differently (although same principle) to the previous round of virus/phishing attacks from last year, featuring the Bolivar23.exe virus and the Koobface virus.

07 Nov 2008

Facebook and MySpace Users, Beware!

I have received two virus emails from two unrelated friends, indicating their accounts have been compromised. The messages are being sent through Facebook and both have had a spammy-sounding subject line and a link to a GeoCities website. This was suspicious enough, but the fact that one message came