Channel: No More Root
Browsing all 14 articles

IE8 XSS filter

Since IE8 beta2 is out I downloaded and installed it, I wanted to take a look at the brand new XSS filter (See here*1). Basically I wanted to see how good it is at filtering XSS, I tried some tricks and...

Something that's gone, it's not "really" gone

If you look at RSnake XSS cheat sheet http://ha.ckers.org/xss.html you will notice that the following: <IMG SRC="javascript:alert('XSS')"<IMG...

Something that's gone, it's not "really" gone (II)

It seems I haven't been very clear in my previous post. I was wrong at saying that: "Actually those kind of URLs (javascript: and vbscript:) continue executing normally when you load the web page in a...

Token Kidnapping Windows 2003 PoC exploit

It has been a long time since Token Kidnapping presentation (http://www.argeniss.com/research/TokenKidnapping.pdf) was published so I decided to release a PoC exploit for Win2k3 that allows to execute...

Token Kidnapping Windows 2008 PoC exploit

Now it's time for Windows 2008 exploit (it should work on Windows 2003 too). You will see that the super secure IIS 7 can be owned, too weak by default :) You can find the PoC exploit here...

Bypassing Norton Antivirus "Product Tamper Protection"

What's Norton Product Tamper Protection? It's a security setting on Norton Antivirus that "Lets you protect your Norton product from an attack or modification by unknown, suspicious, or threatening...

Antivirus, antivirus, antivirus...

My last post was about a bug in an antivirus product, not a big deal, all software has bugs. I was kindly pointed to this article http://isc.sans.org/diary.html?storyid=6010 by Ryan Naraine, it's about an...

Opening Intranets to attacks by using Internet Explorer

I just released a whitepaper titled: Opening Intranets to attacks by using Internet Explorer, I hope you find it interesting, you can find it here...

Token Kidnapping's Revenge

Finally I got some free time to take a look at Windows for security issues, I was initially amazed with Windows 7 and Windows 2008 R2 they looked really solid but after some time I started to find some...

8 years hacking Microsoft stuff, +50 vulnerabilities found

2009 is ending and I thought it would be nice to write down my personal record on Microsoft vulnerabilities. I started finding vulns in MS products in 2002 and these are most of them: -Microsoft Biztalk...

Little bug in Safari and Google Chrome

I guess a bug in Safari is not a surprise at all but Google Chrome seems to be a more secure product. Anyways this little bug is not a big deal but maybe combined with other bug it could be more...

Blogger allows to run arbitrary Javascript

I guess this is a known issue since it's so simple to do it, anyways I think people should be aware of this. Editing a blog post I realized that Blogger allows to run arbitrary Javascript in the blogs,...

Google Chrome Drag and Drop fun

You must be browsing this page with Google Chrome, if so, open any website (www.google.com will work fine) in another tab and then drag the Windows 3.1 image (below) and drop it over the other website...

Information security sucks (Part I)

This will be a series of short blog posts describing why I think information security sucks. Security software sucks: There are security software for any security need (or not), most of these software...
