This is a piece published in Kapital no. 11 2010 in response to a piece in no. 9 by Petter Berge of North Capital. In a guest commentary ...
Intrusion detection: doing it wrong
Quite a few thick volumes have been written on the topic of securing corporate environments - but most of them boil down to the following ad...
Yeah, about that address bar thing...
As promised, here's another interesting browser bug, showing the perils of being user-friendly. You are probably familiar with the usual...
HTTPS is not a very good privacy tool
Today, EFF announced HTTPS Everywhere - a browser plugin that automatically "upgrades" all requests to a set of predefined websit...
Browser-side XSS detectors of doom
The prevalence of cross-site scripting - an unfortunate consequence of how the web currently operates - is one of the great unsolved challen...
The curse of inverse strokejacking
This is the third interesting bug I had in my pipeline for a while. It's far less scary than the previous ones, but nevertheless, prob...
Announcing ref_fuzz, a 2 year old fuzzer
Somewhere in 2008, I created a relatively simple DOM binding fuzzer dubbed ref_fuzz. The tool attempted to crawl the DOM object hierarchy f...
Safari: a tale of betrayal and revenge
Looks like I am finally free to discuss the first interesting browser bug on my list - so here we go. I really like this one: its history go...
Hedging and gambling
There is a very fine line between hedging and speculating. Keeping it simple and keeping a cool head makes all the difference. An agreement on f...