more security articles

The Complete List

<a href="http://ha.ckers.org/blog/20090120/persistent-cookies-and-dns-rebinding-redux/">Persistent Cookies and DNS Rebinding Redux</a>

<a href="http://ha.ckers.org/blog/20090329/iphone-ssl-warning-and-safari-phishing/RFC1918%20Blues">iPhone SSL Warning and Safari Phishing</a>

<a href="http://ha.ckers.org/blog/20090608/rfc1918-blues/">RFC 1918 Blues</a>

<a href="http://ha.ckers.org/blog/20090617/slowloris-http-dos/">Slowloris HTTP DoS</a>

<a href="http://ha.ckers.org/blog/20090630/csrf-and-ignoring-basicdigest-auth/">CSRF And Ignoring Basic/Digest Auth</a>

<a href="http://ha.ckers.org/blog/20090713/hash-information-disclosure-via-collisions-the-hard-way/">Hash Information Disclosure Via Collisions - The Hard Way</a>

<a href="http://www.thesecuritypractice.com/the_security_practice/2009/03/socket-capable-browser-plugins-result-in-transparent-proxy-abuse.html">Socket Capable Browser Plugins Result In Transparent Proxy Abuse</a>

<a href="http://ha.ckers.org/blog/20090720/xmlhttpreqest-ping-sweeping-in-firefox-35/">XMLHTTPReqest “Ping” Sweeping in Firefox 3.5+</a>

<a href="http://ha.ckers.org/blog/20091116/session-fixation-via-dns-rebinding/">Session Fixation Via DNS Rebinding</a>

<a href="http://ha.ckers.org/blog/20090727/quicky-firefox-dos/">Quicky Firefox DoS</a>

<a href="http://ha.ckers.org/blog/20091117/dns-rebinding-for-credential-brute-force/">DNS Rebinding for Credential Brute Force</a>

<a href="http://ha.ckers.org/blog/20090809/smbenum/">SMBEnum</a>

<a href="http://ha.ckers.org/blog/20091118/dns-rebinding-for-scraping-and-spamming/">DNS Rebinding for Scraping and Spamming</a>

<a href="http://ha.ckers.org/blog/20090811/smb-decloaking/">SMB Decloaking</a>

<a href="http://ha.ckers.org/blog/20090810/de-cloaking-in-ie70-via-windows-variables/">De-cloaking in IE7.0 Via Windows Variables</a>

<a href="http://ha.ckers.org/blog/20090819/itms-decloaking/">itms Decloaking</a>

<a href="http://foregroundsecurity.com/MyBlog/flash-origin-policy-issues.html">Flash Origin Policy Issues</a>

<a href="http://skeptikal.org/2009/11/cross-subdomain-cookie-attacks.html">Cross-subdomain Cookie Attacks</a>

<a href="http://blog.mindedsecurity.com/2009/05/http-parameter-pollution-new-web-attack.html">HTTP Parameter Pollution (HPP)</a>

<a href="http://sirdarckcat.blogspot.com/2009/04/how-to-use-google-analytics-to-dos.html">How to use Google Analytics to DoS a client from some website.</a>

<a href="http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html">Our Favorite XSS Filters and how to Attack them</a>

<a href="http://www.thespanner.co.uk/2008/12/01/location-based-xss-attacks/">Location based XSS attacks</a>

<a href="http://www.thespanner.co.uk/2009/01/04/phpids-bypass/">PHPIDS bypass</a>

<a href="http://www.thespanner.co.uk/2009/01/07/i-know-what-your-friends-did-last-summer/">I know what your friends did last summer</a>

<a href="http://www.thespanner.co.uk/2009/01/28/detecting-ie-in-12-bytes/">Detecting IE in 12 bytes</a>

<a href="http://www.thespanner.co.uk/2009/01/29/detecting-browsers-javascript-hacks/">Detecting browsers javascript hacks</a>

<a href="http://www.thespanner.co.uk/2009/02/24/inline-utf-7-e4x-javascript-hijacking/">Inline UTF-7 E4X javascript hijacking</a>

<a href="http://www.thespanner.co.uk/2009/03/20/html5-xss/">HTML5 XSS</a>

<a href="http://www.thespanner.co.uk/2009/05/08/opera-xss-vectors/">Opera XSS vectors</a>

<a href="http://www.thespanner.co.uk/2009/06/01/new-phpids-vector/">New PHPIDS vector</a>

<a href="http://www.thespanner.co.uk/2009/11/23/bypassing-csp-for-fun-no-profit/">Bypassing CSP for fun, no profit</a>

<a href="http://www.thespanner.co.uk/2009/11/23/twitter-misidentifying-context/">Twitter misidentifying context</a>

<a href="http://www.thespanner.co.uk/2009/11/23/ping-pong-obfuscation/">Ping pong obfuscation</a>

<a href="http://www.thespanner.co.uk/2009/12/06/html5-new-xss-vectors/">HTML5 new XSS vectors</a>

<a href="http://sirdarckcat.blogspot.com/2008/10/about-css-attacks.html">About CSS Attacks</a>

<a href="http://jeremiahgrossman.blogspot.com/2009/08/web-pages-detecting-virtualized.html">Web pages Detecting Virtualized Browsers and other tricks</a>

<a href="http://jeremiahgrossman.blogspot.com/2009/06/results-unicode-leftright-pointing.html">Results, Unicode Left/Right Pointing Double Angel Quotation Mark</a>

<a href="http://jeremiahgrossman.blogspot.com/2009/03/detecting-private-browsing-mode.html">Detecting Private Browsing Mode</a>

<a href="http://scarybeastsecurity.blogspot.com/2009/12/cross-domain-search-timing.html">Cross-domain search timing</a>

<a href="http://scarybeastsecurity.blogspot.com/2009/06/bonus-safari-xxe-only-affecting-safari.html">Bonus Safari XXE (only affecting Safari 4 Beta)</a>

<a href="http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-also-fixes-cross-domain.html">Apple's Safari 4 also fixes cross-domain XML theft</a>

<a href="http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html">Apple's Safari 4 fixes local file theft attack</a>

<a href="http://scarybeastsecurity.blogspot.com/2009/05/more-plausible-e4x-attack.html">A more plausible E4X attack</a>

<a href="http://schmoil.blogspot.com/2009/01/brief-description-of-how-to-become-ca.html">A brief description of how to become a CA</a>

<a href="http://www.phreedom.org/research/rogue-ca/">Creating a rogue CA certificate</a>

<a href="http://i8jesus.com/?p=37">Browser scheme/slash quirks</a>

<a href="http://i8jesus.com/?p=75">Cross-protocol XSS with non-standard service ports</a>

<a href="http://i8jesus.com/?p=48">Forget sidejacking, clickjacking, and carjacking: enter “Formjacking”</a>