My Security Planet » Tags » by.xcorpitx

Feeds

13620 items (0 unread) in 75 feeds

• Jeremy Zawodny's blog
• Mozilla Webdev
• Transcendental Technical Travails
• Ian Bicking: a blog
• Hackosis

• Watchfire Application Security Insider
• BlogSecurity
• sirdarckcat
• Google Online Security Blog
• CGISecurity.com: Your Web Site and Application Security Resource
• Switch/Twitch
• mybeNi websecurity
• cat slave diary
• SecuriTeam Blogs
• Curiouser and Curiouser
• Alex's Corner
• Billy (BK) Rios
• Chris Shiflett
• christian's weblog
• funkatron.com
• GNUCITIZEN
• The Spanner
• hackademix.net
• Ruby on Rails Security Project
• It's a shampoo world anyway
• Web Security Blog
• ha.ckers.org web application security lab
• Yet Another Infosec Blog
• PHP Security Blog
• Security Thoughts
• Sunnet Beskerming Security Advisories
• Disenchant's Blog
• Sylvan von Stuppe
• Larholm.com
• The Turkey Curse
• Jeremiah Grossman
• Anurag Agarwal - Application Security Evangelist
• Ivan Ristic
• deep inside | security & tools
• omg.wtf.bbq.
• BlueHat Security Briefings
• Tactical Web Application Security
• .:Computer Defense:.

• tssci security
• Plynt Penetration Testing Blog
• Michael Howard's Web Log
• Security Retentive
• BindShell.Net
• Dominic White's .tHE pRODUCT
• SecurityFocus News
• Justice League
• Schneier on Security
• Rational Survivability
• terminal23
• 1 Raindrop
• hiredhacker.com
• Matasano Chargen
• Security Vulnerability Research & Defense
• Michael on Security - Musings on Information Security
• Fortify blog
• The Art of Software Security Assessment
• GDS Security Blog
• Vodun.org
• Robert Penz Blog
• Mark Curphey - SecurityBuddha.com
• Liminal states
• Security Ripcord
• ModSecurity Blog
• IBM Internet Security Systems Frequency X Blog
• Suspekt...
• extern blog SensePost;
• Zero in a bit

• SEO BlackHat: Black Hat SEO Blog
• busin3ss.name

• Opensourcetesting.org News

8 items tagged "by.xcorpitx"

Related tags: hacked [+]

Curiouser and Curiouser

• 

  HTML 5 differences from HTML 4

  Posted: January 22nd, 2008, 1:57pm CST

  Tags:  hacked by.xcorpitx   [edit]

  Client-side storage (sessionStorage and globalStorage) as well as offline application support (including client-side databases, offline content serving/manifests, eventing, etc) have all been codified into HTML5. Not a super big surprise because they've been in WHATWG spec for a while but certainly plan for them to take on a larger role in web apps then when they were simply implemented in Mozilla (DOMStorage) or as a browser plug-in (Google Gears)

  Attacks and defense against these features is discussed in chapters 8 and 9 of our book.

  Remember folks, its only an increased attack surface ;-)

  
  
  --
  Link (Direct) - Link (Reputation Tracking) - Discuss [1] - Reply - Recommend
• 

  Comparison of science and technology funding for DOD’s space and non-space programs

  Posted: January 18th, 2008, 8:30am CST

  Tags:  hacked by.xcorpitx   [edit]

  At your request, the Congressional Budget Office (CBO) has analyzed whether a difference exists between the Department of Defense’s (DoD’s) funding for science and technology (S&T) activities supporting unclassified space programs and its funding for S&T activities supporting other (nonspace) programs. The enclosed report indicates that funding for S&T activities supporting unclassified space programs has been less than S&T funding for other defense programs and that DoD’s plans for the future maintain that difference in funding. (Because of a lack of information, CBO’s analysis does not address the extent to which classified research might be supporting unclassified space programs.)

  It is hard to extract meaning from this. The DoD is spending more money on other things than funding non-classified space research. Ok, makes sense. However we have no idea hwo much money they are spending on funding for classified space researcher. Given China's publicly broadcast ability to blow shit out of space, you have to hope there is some classified research going on.

  
  
  --
  Link (Direct) - Link (Reputation Tracking) - Discuss [2] - Reply - Recommend
• 

  Ajaxian » Book recommendation: Ajax Security by Hoffman and Sullivan

  Posted: January 16th, 2008, 1:23pm CST

  Tags:  hacked by.xcorpitx   [edit]

  Our book, Ajax Security, made the front page of Ajaxian today. I'm so pleased it is finding traction on the mainstream Ajax new sites.

  Reviewers overuse the phrase “required reading,” but no other description fits the new book “Ajax Security” (2007, Addison Wesley, 470p). This exhaustive tome from Billy Hoffman and Bryan Sullivan places the specific security concerns of the Ajax programming model in historical perspective. It demonstrates not only new security threats that are unique to Ajax, but established threats that have gained new traction in the Web 2.0 era. It then details both the specific technical solutions and - more importantly - the mindset that are necessary to combat such threats.

  Because so many developers have historically overlooked the importance of security, the authors approach their topic for what it is: a remedial subject. They take pains to explain the basic mechanisms by which hackers have exploited insecure web applications over the last decade: cross-site request forgeries, denial of service attacks, cross-site scripting and SQL injection. Then they explain how those mechanisms have changed thanks to the rise of xmlHttpRequest, public APIs, mash-ups and aggregators. If you’ve ever read a Douglas Crockford rant about the “brokenness” of the web security model and wondered why the guy was such an alarmist, Hoffman and Sullivan are only too happy to provide you with a much-needed wake-up call.

  The rest of the review if here.

  
  
  --
  Link (Direct) - Link (Reputation Tracking) - Discuss [1] - Reply - Recommend
• 

  Like a kid in a candy store

  Posted: January 15th, 2008, 8:25am CST

  Tags:  hacked by.xcorpitx   [edit]

  and today, from the "Truly good intentions but WTF are you thinking" category

  Representatives from MySpace and the attorneys general of 49 states are announcing a new partnership to fight sexual predators and clean up social networks.

  Among the dozens of measures MySpace has agreed to take, the social network will let parents submit the e-mail addresses of their children, so the company can prevent anyone from using that address to set up a profile.

  MySpace doesn't have a stellar history when it comes to security (sorry Ramsey, I know you are trying, but you all aren't there yet). This database is a gold-mine for marketers and pedophiles alike, and I'm a little concerned about its existence.

  
  
  --
  Link (Direct) - Link (Reputation Tracking) - Discuss [1] - Reply - Recommend
• 

  Earphone Sounds Like Ocean

  Posted: January 12th, 2008, 2:07pm CST

  Tags:  hacked by.xcorpitx   [edit]

  [ Image Link ]

  The Noisy Instrument won't hook into your iPod, but it will, completely without a power source, reproduce the soothing sounds of the ocean at any time and any place (ala seashell).

  
  
  --
  Link (Direct) - Link (Reputation Tracking) - Discuss [1] - Reply - Recommend
• 

  Styrofoam Plane + Rocket Engine + SPI = teh awesome!

  Posted: January 11th, 2008, 4:09pm CST

  Tags:  hacked by.xcorpitx   [edit]

  This is what happens when you strap rocket engines to a styrofoam plane. Filmed at SPI Dynamics

  
  
  --
  Link (Direct) - Link (Reputation Tracking) - Discuss [1] - Reply - Recommend
• 

  What This Gadget Can Do Is Up to You

  Posted: January 7th, 2008, 9:55am CST

  Tags:  hacked by.xcorpitx   [edit]

  “HACKERS, welcome! Here are detailed circuit diagrams of our products — modify them as you wish.”

  That’s not an announcement you’ll find on the Web sites of most consumer electronics manufacturers, who tend to keep information on the innards of their machines as private as possible.

  But Neuros Technology International, creator of a new video recorder, has decided to go in a different direction. The company, based in Chicago, is providing full documentation of the hardware platform for its recorder, the Neuros OSD (for open source device), so that skilled users can customize or “hack” the device — and then pass along the improvements to others.

  The OSD is a versatile recorder. Using a memory card or a U.S.B. storage device, it saves copies of DVDs, VHS tapes and television programs from satellite receivers, cable boxes, TVs and any other device with standard video output.

  Because the OSD saves the recordings in the popular compressed video format MPEG-4 (pronounced EM-peg), the programs can be watched on a host of devices, including iPods and smartphones. The OSD is for sale at Fry’s, Micro Center, J&R Electronics and other locations for about $230.
  I recorded a show from a DVD this way and, to my delight, I was soon watching it on my iPod. Thank you, hackers!

  
  
  --
  Link (Direct) - Link (Reputation Tracking) - Discuss [1] - Reply - Recommend
• 

  Windows XP File Assocation Fixes

  Posted: January 3rd, 2008, 1:02pm CST

  Tags:  hacked by.xcorpitx   [edit]

  The files listed here are all ZIP files, which contain a REG (Registry) file. Each of the REG files contains the default settings for the file extension indicated.

  So I went and downloaded Netscape Communicator 4.something to test some of the JavaScript I'm writing for Memetreams. After shuttering at how arcane installers were back-in-the-day, I find that the front page of Memestreams crashes it. I figure the some of embedded Flash for Google/Youtube videos might be doing it, so I go into the browser's preferences and remove every file association hoping it will not spawn the Flash player (which in retrospect wouldn't have worked anyway... stupid object tag GUIDS...). Unfortunately, this actually killed the file associations not for the browser, but for Windows!

  
  
  --
  Link (Direct) - Link (Reputation Tracking) - Discuss [3] - Reply - Recommend

TOP RSS Gregarius 0.5.4 Tentatively valid XHTML1.0, CSS2.0 Last update: Thu May 24 12:14:11 2012