Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 

Pages: 12Next
Current Page: 1 of 2
Results 1 - 30 of 47
6 years ago
Om
Quote: "Does that mean I'm not cool anymore if I just used it for a harmless prank and helped the admin fix everything afterwards?" The question is how many are really going to listen to you and fix it! If ($they_do) echo "Cool!"; Else{ screwThem(); echo "Khoool :P"; } I'd informed my company about the flaws in the internal blog server. I was told that it'll
Forum: OMG Ponies
6 years ago
Om
My tryst with destiny http://sla.ckers.org/forum/read.php?2,20088,20088 :P BTW, are you sure you are getting cookie? I tried testing but blogger doesn't vomit any cookie values. Just a blank alert box. :| Link: http://icanhazxss.blogspot.com/ Additionally, Blogger doesn't seem to be using HttpOnly cookie.
Forum: CSRF and Session Info
6 years ago
Om
You might also want to have a look at SELinux.
Forum: Privacy
6 years ago
Om
Did you follow all the steps specified in the installation guide? There are a few dependencies. It'd be great if you could join the w3af mailing list and post, along with the stack trace, there. The project isn't stable yet, and we need bug reports like these. Further, you could also update to beta6 and see if it's already fixed.
Forum: Projects
6 years ago
Om
How exactly do you think this wiki would be different from OWASP? Please note that I do not wish to nullify your suggestion. I like it. In fact, I had a few similar thoughts, like placing accessible links to all the exploits and tools in the Web App Sec world (like Portscanning using Javascript/CSS, Hackverter, Browserfry, etc. etc. etc.) under one roof. What I wish to say is that instead of staring a
Forum: Projects
6 years ago
Om
Of course. But again, you need to implement T-FA to be PCI compliant. We are considering PhishCops for a client who wants some *product* to reduce Phishing attacks in their Banking application. We do realize that Phishing attacks can't be stopped completely. However, I thought it'd be good to consult a few of you who have any exposure to the PhishCops thingy. I mean they want a *product*, why no
Forum: News and Links
6 years ago
Om
What! uh! I'd read about GModules but didn't know about Blogger. My bad guys. :)
Forum: XSS Info
6 years ago
Om
Remember RSnake's Image upload XSS post? Seems like you don't really need to upload any image for blogger. :) http://icanhazxss.blogspot.com/ I was just playing around and found that this might work, so created a temporary blog on BlogSpot. Is this already a known vuln?
Forum: XSS Info
6 years ago
Om
tx, Nice! Although I am not sure how helpful it'd be, but it's always good to know that such a thing exists :) By the way, I was having a look at this review and it says, "oddly including Lisp but excluding Java". On the contrary, the editorial review mentions that it includes Java. Could you confirm it?
Forum: SQL and Code Injection
6 years ago
Om
Hi, Phishcops promises to provide an approved T-FA (Two Factor Authentication), and also to protect against Phishing attacks. It was, reportedly, the semi-finalist for Homeland Security Awards in 2005, and 2007. The modus operandi looks nice. I do realize that there is no substitute for user awareness when it comes to Phishing. What I would like to know is: 1. Has anyone implemented/come-acr
Forum: News and Links
6 years ago
Om
dann Wrote: ------------------------------------------------------- > What should be really amazing, is if I could find > a big list with dangerous functions and methods in > Java and J2EE focused in Web Applications and a > short description about that. Anyone know a list > like that? Maybe in some book? Unfortunately, there isn't any such magical list. Although we can ta
Forum: SQL and Code Injection
6 years ago
Om
Nice coincidence (for me at least) :) http://www.bitdefender.com/VIRUS-1000239-en--Trojan.Qhost.WU.html
Forum: OMG Ponies
6 years ago
Om
I recalled it was me who had changed it quite some time ago (using a sample hosts file available on some blog). So basically it was my own damn memory's fault :| Anyhoo, nice experience :)
Forum: OMG Ponies
6 years ago
Om
Maone, dude. You seriously rock :) *bows down in respect* p.s. I just don't remember when I edited the hosts file. :P Does AdBlock Plus (or any other tool) automatically do this?
Forum: OMG Ponies
6 years ago
Om
Hi, am visiting Slackers after a loooong gap. Anyways. I was playing around with a DOM manipulation script on my laptop, and simultaneously checking the logs on the local server. Again, the script and the server (Apache) are local. Suddenly, I saw the following two entries: 127.0.0.1 - - [18/Dec/2007:19:39:26 +0530] "GET /iview/msnnkhac001160x600Xdig1600000185msn/direct;wi.160;hi.600/
Forum: OMG Ponies
6 years ago
Om
hehe I am working on a presentation (named "The Web is Broken: Why every feature is in fact, a loophole"). I think I'll use this picture. Thanks a ton :) Anything on XSS, CSRF etc.??? ;)
Forum: SQL and Code Injection
6 years ago
Om
Ronald Wrote: ------------------------------------------------------- > My argument will be: So, you trust others? I trust > no-one. What to say after the killer line ;) Another argument, IMHO, could be the flexibility and control provided by NoScript. Not every user knows how to play with about:config. Moreover, there are times when we DO require javascript (and related technologie
Forum: News and Links
6 years ago
Om
@Ma1: That's completely all right. :) Thanks.
Forum: News and Links
6 years ago
Om
@Ma1: That was fast Dude. I am becoming your fan. :) ...and by the way, it was my request too :)
Forum: News and Links
6 years ago
Om
@thrill: Whose fault is it when you use a crappy AntiVirus? Didn't Billy tell you to use the Long-Horn-y AV??? Oh and Yes! It protects against patents too.
Forum: News and Links
6 years ago
Om
Main blog: PROJectBee Collaborative poetry blog (just in case any one likes Urdu/Punjabi poetry :) ): Dervesh @Ronald: Hey, I have subscribed your blog using Goog Reader, but it doesn't seem to update after the Secure Flowchart post. (I get the updation news from SecGeeks though.)
Forum: News and Links
6 years ago
Om
*Just in case* anybody missed it.
Forum: News and Links
6 years ago
Om
sirdarckcat Wrote: ------------------------------------------------------- > I'm just happy that my workfield won't disappear in > the following years, and worried about what could > appear in the following versions, features are > always the biggest threat of security. (For continuation) I am currently evaluating WebApp scanners for my company, and I stumbled across w3af. I f
Forum: News and Links
6 years ago
Om
Gareth Heyes Wrote: ------------------------------------------------------- > @ma1 > > Oh yeah you know I'm a fan of your plugin but hey > a little more praise won't hurt.... > > Your plugin rocks! > > I can't wait for the 1.1.7.1 release I second (third and fourth) that :P Honestly Ma1. NoScript rocks. :)
Forum: News and Links
6 years ago
Om
Quote: "I don't know anyone -besides people in the appsec corner- that is using NoScript." I completely agree with this... and we cannot really blame people for it. Let's face it, they don't have to worry about what Javascript can do to them, and how IFrames can exploit their system. However, my point was that unless these issues are *reduced*, maybe through Content Restriction, why not hav
Forum: News and Links
6 years ago
Om
Gareth has an interesting suggestion on his blog. In his new entry IFrames are Evil, he suggests the introduction of some html attribute (or tag) to disable/enable iframes. Considering the possibilities of attacks using iframes, ranging from CSRF to CSS attacks, (and the recent Bank Of India "drive-by download" hack, where malware was downloaded onto the victim's computer), I thought it'd
Forum: News and Links
7 years ago
Om
@Ronald: Sorry is a BIG word to be used here. :) This discussion inspired me to get into browser details too. I should rather thank you guys. @Ron: hehehe. Pretty much same here. I just have an idea of what they were talking...that's it... but I am sure I'll catch up pretty soon. :)
Forum: News and Links
7 years ago
Om
rsnake Wrote: ------------------------------------------------------- > If you ever decide to come back I think > you'd be warmly welcomed by a good chunk of your > readership. I second that. Whatever I've learnt till now is a result of several books, sites, and blogs... and your blog is one of them. ...and as Gareth says, "prove them wrong". That's where the fun lies
Forum: News and Links
7 years ago
Om
hackathology Wrote: ------------------------------------------------------- > Damn, Om the whole thing is off the topic, hehe, yeah. That's the trouble with *some* security researchers ;) At one moment you're talking about a language, and the other moment they'll break the browser. Duh! :P > however, i am learning, still i dunno wat is going > wrong. Wrong! Where? In java or
Forum: News and Links
7 years ago
Om
Apologies. This, accidentally, was a double post with the same contents :(
Forum: Full Disclosure