Directions of 2007
Posted by: Kyran
Date: December 15, 2006 12:06PM

So, what are you guys planning for 2007?

The last quarter of this year, RSnake and Jeremiah pretty much destroyed any security we thought we had left. Including the "I'll just browse without JavaScript" mantra. Could you really call that browsing anyways? Most sites need JavaScript now.

- Kyran

Re: Directions of 2007
Posted by: rsnake
Date: December 15, 2006 12:20PM

I'd really like to find the mhtml: issue equivalent in Firefox. :) I want to read any page anywhere from someone else's machine, regardless of the machine.

Short of that, I'd like to perfect an idea I've had for a while on how to XSS abouuuuut 80% of websites out there from abouuuuuut 75% of browsers. If I could get off my ass and buy some software I think I could prove that it works. Short of that, whatever I can do on the cheap is what I'll do in 2007. ;)

- RSnake
Gotta love it. http://ha.ckers.org

Re: Directions of 2007
Posted by: jungsonn
Date: December 15, 2006 03:57PM

Time for Firefox to implement HttpOnly cookies, real shame on them if they don't fix this in the next build. Would save a lot of headaches, because JavaScript is restricted from accessing the cookies. It would slam out many XSS exploits that use cookies.

Re: Directions of 2007
Posted by: rsnake
Date: December 18, 2006 01:22PM

XMLHttpRequest does allow you to see the cookies, though. So yes, it would slow a lot of newbies down, but it wouldn't completely mitigate the risk. And btw, for anyone who hasn't already seen this, there is a Firefox HttpOnly extension:

https://addons.mozilla.org/firefox/3629/

- RSnake
Gotta love it. http://ha.ckers.org

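As an added example (not code from this thread or from either poster), here is a small Set-Cookie audit in Node.js covering the HttpOnly point jungsonn raises and the caveat in RSnake's reply: it parses Set-Cookie headers, flags cookies a page script could read via document.cookie, and notes that HttpOnly only narrows the exposure. The header values are constructed samples.

```javascript
// Parse one Set-Cookie header value into its name, value and attribute map.
// Attribute keys are lower-cased so "HttpOnly" and "httponly" compare equal.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const value = eq === -1 ? "" : pair.slice(eq + 1); // value may itself contain "="
  const attributes = {};
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return { name, value, attributes };
}

// Report cookies set without HttpOnly, i.e. cookies that document.cookie
// would expose to any script running in the page. Names that look like
// session or auth material are called out so they can be fixed first.
// Caveat (RSnake's point): HttpOnly stops scripts reading the value, but
// injected script can still issue requests that carry the cookie, so it
// reduces rather than removes the XSS risk.
function auditCookies(setCookieHeaders) {
  const findings = [];
  for (const h of setCookieHeaders) {
    const c = parseSetCookie(h);
    if (!("httponly" in c.attributes)) {
      findings.push({
        name: c.name,
        missing: "HttpOnly",
        looksLikeSession: /sess|sid|auth|token/i.test(c.name),
      });
    }
  }
  return findings;
}

// Constructed sample headers, as a server might send them in one response.
const SAMPLE_HEADERS = [
  "PHPSESSID=abc123; Path=/; HttpOnly",
  "auth_token=xyz; Path=/; Secure",
  "theme=dark; Path=/",
];

const REPORT = auditCookies(SAMPLE_HEADERS);
console.log(REPORT); // two findings: auth_token (session-like) and theme
```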