Updates from April, 2009

  • Some sites should fear their search boxes

    Andi 09:50 on April 15, 2009

    Half an hour of research has shown that many websites still don’t filter their HTML for potential XSS attacks. I just entered the simple search term “<script>alert(1)</script>” into the search boxes of well-known news sites in the USA, UK and Germany. I got 7 results of vulnerable websites. Some of them just include the search term unescaped in the website, others get into trouble when including the term inside embedded JavaScript strings. In the latter case I had to change the term a bit to get the script executed. The following sites are vulnerable:

    Should check your code, guys, and learn …
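
The two cases the post describes, a search term echoed into the HTML and a term placed inside an embedded JavaScript string, need different encoders. The following is an added example, not part of the original post; the function names and the page template are hypothetical, and it runs under Node.js.

```javascript
// Added example: context-aware output encoding for a reflected search term.
// All function names and the page template are hypothetical.

// HTML text / quoted-attribute context: neutralise markup metacharacters.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Inline-script string context: emit a complete JS string literal.
// JSON.stringify escapes quotes, backslashes and control characters; the extra
// pass turns <, >, & and U+2028/U+2029 into \uXXXX so the HTML parser never
// sees "</script>" inside the script block.
function jsStringLiteral(s) {
  return JSON.stringify(String(s)).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// "Before": the search term is copied into both contexts unchanged.
function renderUnsafe(term) {
  return '<h1>Results for ' + term + '</h1>\n' +
         '<script>var lastSearch = "' + term + '";</script>';
}

// "After": each context gets the encoder that matches it.
function renderSafe(term) {
  return '<h1>Results for ' + escapeHtml(term) + '</h1>\n' +
         '<script>var lastSearch = ' + jsStringLiteral(term) + ';</script>';
}

// The search term quoted in the post, plus a constructed benign term
// containing quote and backslash characters.
const postTerm = '<script>alert(1)</script>';
const quotedTerm = 'he said "hi" \\ bye';

console.log(renderUnsafe(postTerm));
console.log(renderSafe(postTerm));
console.log(renderSafe(quotedTerm));
```

HTML-escaping alone is not enough for the second context, which is why the script value goes through its own encoder and is emitted as a full quoted literal.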

     
  • Find a hard problem and try to solve it

    Andi 09:39 on March 9, 2008

    That moment of wrestling with the angel, wrestling with the hard problem, that may not be able to be solved. And yet – it’s full of risk, but it’s also full of promise. That is what hacking is about. That’s what eTech is about. That’s what you are about.
    Don’t choose the easy path, don’t just go where other people are going – saying “Oh yeah, I can make some money doing something like the latest hot thing”. Find a hard problem and try to solve it.

    Tim O’Reilly

     