random dross

Web security and beyond...

November, 2009


    Thoughts on Legacy Character Sets

    One of the things I have taken from the IE XSS Filter project is a healthy fear of legacy character sets. If you've followed Chris Weber, Scott Stender, or Yosuke Hasegawa's work, you know that even Unicode is... interesting. But at least in the Unicode...

    Current Thoughts on DNS Rebinding

    RSnake and Dan Kaminsky have been talking about session fixation via DNS Rebinding. As you may recall, an attacker can't abuse your Foo.com cookies in a rebinding attack, though they can walk your browser around Foo.com content and control the session...