random dross : November 2009

November 2009 - Posts

Tuesday, November 17, 2009 12:38 PM

Current Thoughts on DNS Rebinding

RSnake and Dan Kaminsky have been talking about session fixation via DNS Rebinding . As you may recall, an attacker can't abuse your Foo.com cookies in a rebinding attack, though they can walk your browser around Foo.com content and control the session.

Posted by dross | 0 Comments

Filed under: Computer Security, Web Application Security, DNS Rebinding

Tuesday, November 03, 2009 1:21 PM

Thoughts on Legacy Character Sets

One of the things I have taken from the IE XSS Filter project is a healthy fear of legacy character sets. If you've followed Chris Weber , Scott Stender , or Yosuke Hasegawa ’s work, you know that even Unicode is... interesting. But at least in the Unicode

Posted by dross | 0 Comments

Filed under: Computer Security, Web Application Security, Cross-Site Scripting, XSS

random dross

This Blog

Syndication

Search

Tags

Archives

Other Blogs

Other Useful Stuff

Security

Twitter

November 2009 - Posts

Current Thoughts on DNS Rebinding

Thoughts on Legacy Character Sets