There are no blog entries for the chosen time period.
Mark Goodwin's Blog
Security, information, miscellanea
Navigate
| November 2007 | ||||||
| Mon | Tue | Wed | Thu | Fri | Sat | Sun |
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | ||
| Oct | Today | Dec | ||||||
Search
Archives
Tags
Recent Blog Entries 
- More intranet hacks with applets
We've already looked at one of the two big problems posed by anti DNS pinning on Java applets; because there's rebinding on the applet and not the browser you can open a channel from an Internet host to an internal system (this is also true of Flash, of ... - Frii Wii
Later on this month (29th-31st) the first European NFJS eXchange will be held in London. The NFJS speaker list is usually impressive and the London conference is no different; there's a dazzling array of industry experts featured. And me. Should be fun. ... - Intranet port forwarding
It has been known for a month or so now that proxy bypass is an effective way of breaking DNS pinning on Java applets. It's been known since forever that Java applets can interact with scripts on the parent page (same origin restrictions apply, IIRC). ... - Does Firefox implement DNS Pinning?
I've been playing around with DNS pinning over the past few weeks; mainly on how the presence of proxies affects the story, which Rsnake and Portswigger beat me to (nice work guys), but also on various other bits. Something that's caught my ... - Browser based DDOS
Everybody is saying that JavaScript is the new malware. There's an interesting application of this idea that probably hasn't occurred to many people; we've all heard about standard CSRF and using this type of technique to perform sophisticated operations ... - Integrated Windows Authentication
On the face of it Integrated Windows Authentication for your intranet applications (formerly known as NTLM) seems like a good deal; you can protect your users' credentials without needing to set up SSL (so your credentials are safer than with basic ...
Recent Responses
- Re: Does Firefox implement DNS Pinning?
Yes, I was aware of this. I thought the firefox thing was noteworthy for two reasons: It seems to go against the widely understood behaviour of the browser If you can carry out this type of attack without generating too much noise (e.g. ... - Re: Does Firefox implement DNS Pinning?
You can use a closed port like 81 instead of firewalling. Check this out http://www.jumperz.n...
Summary of blogs
Login
Powered by Pebble 2.3.1
|
Login