Home

RSS | Atom | E-mail

Navigate

Tags | Advanced Search

Tags

Recent Blog Entries

More intranet hacks with applets
We've already looked at one of the two big problems posed by anti DNS pinning on Java applets; because there's rebinding on the applet and not the browser you can open a channel from an Internet host to an internal system (this is also true of Flash, of ...
Frii Wii
Later on this month (29th-31st) the first European NFJS eXchange will be held in London. The NFJS speaker list is usually impressive and the London conference is no different; there's a dazzling array of industry experts featured. And me. Should be fun. ...
Intranet port forwarding
It has been known for a month or so now that proxy bypass is an effective way of breaking DNS pinning on Java applets. It's been known since forever that Java applets can interact with scripts on the parent page (same origin restrictions apply, IIRC). ...
Does Firefox implement DNS Pinning?
I've been playing around with DNS pinning over the past few weeks; mainly on how the presence of proxies affects the story, which Rsnake and Portswigger beat me to (nice work guys), but also on various other bits. Something that's caught my ...
Browser based DDOS
Everybody is saying that JavaScript is the new malware. There's an interesting application of this idea that probably hasn't occurred to many people; we've all heard about standard CSRF and using this type of technique to perform sophisticated operations ...
Integrated Windows Authentication
On the face of it Integrated Windows Authentication for your intranet applications (formerly known as NTLM) seems like a good deal; you can protect your users' credentials without needing to set up SSL (so your credentials are safer than with basic ...

Recent Responses

Re: Does Firefox implement DNS Pinning?
Yes, I was aware of this. I thought the firefox thing was noteworthy for two reasons: It seems to go against the widely understood behaviour of the browser If you can carry out this type of attack without generating too much noise (e.g. ...
Re: Does Firefox implement DNS Pinning?
You can use a closed port like 81 instead of firewalling. Check this out http://www.jumperz.n...

Summary of blogs

DWR Blogs

Joe Walker - Thoughts on Web Development

Search results

"tag:csrf"

	Title and summary	Date/time
1	Browser based DDOS Everybody is saying that JavaScript is the new malware. There's an interesting application of this idea that probably hasn't occurred to many people; we've all heard about standard CSRF and using this type of technique to perform sophisticated operatio...	17-May-2007 20:49:00
2	Integrated Windows Authentication On the face of it Integrated Windows Authentication for your intranet applications (formerly known as NTLM) seems like a good deal; you can protect your users' credentials without needing to set up SSL (so your credentials are safer than with basic au...	16-Apr-2007 20:54:00

September 2008
Mon	Tue	Wed	Thu	Fri	Sat	Sun
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30
Aug \| Today \| Oct

Username
Password
Remember me