Twitter feed
- "At the @NYMISSA Chapter board meeting planning the future of our org. You get back what you give. It's been rewarding for ~10 years." 13 days ago
- "Fascinating seeing a cultural shift unfold: NBC's The More You Know had an entire spot on choosing a good password. It's the small things..." 42 days ago
- "Just wrote "Hello World!" in Python3 with EclipseIDE including variations to debug variables. I have an idea for a project. Fun times." 53 days ago
- "Found a small vendor 0-day XSS today. Google hacking tells me a few others run it too. Wrote a basic PoC." 54 days ago
- "Meeting a 10-year colleague for dinner. Our InfoSec discussions last 4+ hrs. I guess that's what happens when we talk about what we love." 62 days ago
- "Chertoff on TV saying cyber attacks is number one US issue: most responsibility is on private sector to protect infrastructure." 69 days ago
- "Applied 2 InfoSec: sub exploit writers for advertisers: “How, when, and why people use their devices is what matters http://t.co/qfV0mMZz42"" 74 days ago
- "Told my ideas on stuxnet justified the industrial military complex. Prob not. Only sure that confusion is sometimes better than destruction." 74 days ago
- "Web host company fixed the 503 error. Now serving article: Malformed HTML & XSS Character Filtering: A Few Lessons http://t.co/3ifpt1SqEC" 78 days ago
- "Malformed HTML & XSS Character Filtering: A Few Lessons http://t.co/3ifpt1SqEC" 79 days ago
The Two Second Spiel
I'm a global information security professional. This site is dedicated to the bits and bytes of InfoSec, rather than the full-length articles I publish at bloginfosec.com. The tone is less serious and covers the daily InfoSec grind as well as thoughts and ideas that have not (yet?) been developed into full-length articles. Unlike bloginfosec.com, which maintains a high-level focus, here I also cover very technical areas.
The Mini-Disclaimer
Opinions and research herein are my own and not necessarily those of my employer. All information is supplied as is. Use at your own risk! :)
- Malformed HTML & XSS Character Filtering: A Few Lessons March 4, 2013
- Vulnerability: CVE-2013-1421 – WebCalendar 1.2.5 & 1.2.6 Category Name Persistent XSS February 25, 2013
- Vulnerability: CVE-2013-1422 – WebCalendar 1.2.5 & 1.2.6 Valid User Determination February 25, 2013
- Filter Sandboxing and Fuzzing: A Web App Testing Technique February 20, 2013
- Publicly Disclosed Vulnerabilities & Exploits between 2000-2006 January 28, 2013