AwghBlog

Subscribe to our feed
Tweets
- IDAPython script to automatically go to all unidentified subroutines and press 'C'. Needed this. http://t.co/L8StnqwK 6 days ago
- South Korean psy-ops now using the video as well as the music. I prefer Nancy Sinatra. http://t.co/bZMXyrUL 1 week ago
- @openfly I feel like Rupert Murdoch is more likely to be cryogenically frozen to fight future communism than Zuckerberg. 2 weeks ago
- "The potential for the disastrous rise of misplaced power exists and will persist." http://t.co/VOcSzVjA 2 weeks ago
- Sooo much useless trivia in my head. I recognized all of these: http://t.co/z3lBHZK5 2 weeks ago
- @fbz For packet, the AGW engine is maintained and programs based on it still work. Other Ham packages, not so much. http://t.co/2g9HKfR7 2 weeks ago
- @fbz Once you have a Ham license, get a WinLink email so you can talk to me when the zombies come: http://t.co/NA3cQxnj 2 weeks ago

XSS Vulnerability in Internet Explorer HTML Attachment Download

Posted on December 23rd, 2008 in Security

Update: MS fixed this issue in the IE8 6/9/09 security update. Now IE8 behaves like Firefox (unclear on whether ‘X-Download-Options: noopen’ still exists at all). I have noticed a Cross-Site Scripting vulnerability in the way Internet Explorer handles the downloading and opening of HTML files when they are downloaded as an attachment, rather than opened [...]

Tags: attachment, Content-Disposition, hacking, ie7, internet explorer, microsoft, microsoft security, noopen, pen test, Security, web application security, Web Security, X-Download-Options, xss

Read post Read 2 comments

Weaponizing Mailinator

Posted on December 17th, 2008 in Security

There has always been something deeply unsettling to me about the ‘Forgot Password’ functionality on many web sites. The ‘Forgot Password’ page exists solely to help unauthenticated users bypass the usual means of authentication. For whatever reason, many developers overlook the importance of locking this down, even after the issue of too-easily-guessable questions in Yahoo’s [...]

Tags: brute force, brute forcing, dictionary, dictionary attack, forgot password, hacking, infosec, mailinator, Mailinator-nator, Mailinatornator, password, pen test, Security, web application security, Web Security

Read post Read 2 comments

Tweets

XSS Vulnerability in Internet Explorer HTML Attachment Download

Weaponizing Mailinator

Categories

Recent Posts