-
delicious/cdman83
Hacking CSRF Tokens using CSS History Hack Posted: 17 Jul 2009 11:56 PM PDT Ok, this is way cool! Bruteforcing the CSRF token from the URL on the client side and using the CSS history hack to check if we got it right! Very, very cool combination of existing ideas! HijackThis Logfileauswertung Posted: 17 Jul…
-
A must see southpark video
Via ZeroHedge. Usually I find Southpark videos a little too preachy / childish, but this too funny. You can watch the full episode here. After it you can enjoy some Pink Floyd 🙂
-
Bypassing SRP from PowerShell
When discussing with a reader of mine, I mentioned that the same method (patching the local process) should be possible using PowerShell. And here is the code: ######################################################### # This is a general purpose routine that I put into a file called # LibraryCodeGen.msh and then dot-source when I need it. ######################################################### function Compile-Csharp ([string]…
-
Executing arbitrary powershell script from the command line
After playing around with PowerShell, I quickly found that there seem to have been given a considerable amount of thought to the security aspect of it. Two security features which I found were: The default action for powershell scripts (.ps1) is “Edit”, not “Run”. This means that plain powershell scripts can’t create the same amount…
-
Review: Polymorphic Podcast
The Polymorphic Podcast is programming related podcast (think polymorphism as in object inheritance) which is somewhat Microsoft centric (.NET, Visual Studio, Silverlight, etc). That doesn’t mean however that there aren’t other technologies. For example the latest version talks about jQuery and managed to surprise me, with the mention of LiveQuery and SelectorGadget. An other interesting…
-
Review: Viruses Revealed
This book should be a must read for anyone thinking about malware and anti-malware (including – or especially – all the people in the media!). It is a hype-free, no-nonsense book, which doesn’t shy away from writing the truth. I found out about this book from the (ISC)2 blog, where Robert Slade (one of the…
-
delicious/cdman83
IFERROR for Excel 2003 Posted: 15 Jul 2009 06:00 AM PDT A new function in Excel 2007 – IFERROR. While a useful improvement, it is incompatible with older versions (including 2003). Adding this macro fixes it. Alternatively you could rewrite from =IFERROR(A,B) to =IF(ISERROR(A),B,A) It seems that in OpenOffice we can't use macros in formulas:…
-
Update to OVScan
I finally had a little free time to work on the OVscan script. Here are the updates: updated to the latest changes in VirusTotal updated to the latest changes in Jotti added a new scanner site (NoVirusThanks). Unfortunately they currently seem to be down for maintenance disable Virscan.Org, since they are down since a couple…
-
delicious/cdman83
43.gs: massive Google SERPs poisoning Posted: 14 Jul 2009 11:59 AM PDT The blogpost links to three free resources to track website popularity: http://www.quantcast.com/43.gs http://www.alexa.com/siteinfo/43.gs http://siteanalytics.compete.com/43.gs/ OECD Factbook eXplorer for analysing country statistics Posted: 14 Jul 2009 05:39 AM PDT Very cool visualization of the (possible) relations between different factors (as employment rate and population…
-
Careful with that UGC, PCWorld!
I was reading PC World article when I saw the “active” forum topics: My thoughts were: Their forum must be really low volume if these spammings managed to get to the top UGC (User Generated Content) can easily put your website in a “bad light”, so you should be careful when using it. Some ideas…