Category: web

  • Does Google Chrome prevent CSRF?

    Some time ago I was reading the article Session Destroyer: Automatic Webapp Session Invalidation from the Linux Journal. It was a neat idea; however, the part which piqued my interest was the following: Mozilla Firefox does not protect you against this attack by default. However, Google Chrome supposedly does because they implement each tab in…

  • SDHC – Shared Dictionary Compression

    I saw the following article on the GOS blog: Google Search Pages Load Faster if You Use Google Toolbar. It turns out that Google added an experimental feature in the Google web servers and the Google toolbar to reduce the network traffic by supplying a dictionary of frequently used page elements (BTW, I find the…

  • Rewriting history

    I came across this article: Our Revised News, and it reminded me of a huge problem: it is very easy to modify things on websites and then claim that “it was like this since the beginning of time” (sidenote: you can f’*** it up and let the HTTP server show the real update date in…

  • PHP security is scary!

    I knew that PHP limits the amount of memory that one script can allocate, so life is good, right? Right? Wrong! Reading the documentation it states: Changeable – PHP_INI_ALL, meaning that you can change it using ini_set from the script itself. Even worse, it goes on to say: “Note that to have no memory limit,…

  • Google broke the Internet!

    Short summary: Google maintains a list of “malicious URLs”. This list is used both to offer warnings on the search results and to warn users in third-party applications (like Firefox 3) via the Google Safe Browsing API. The format of the blacklist is such that arbitrary subelements of the URL can be used. This is…

  • SSLFail

    Tyler and Marcin started the site SSLFail.com, which inspired me to do some digging of my own. The results are shocking! A few words about the methodology: I took the top 1 000 000 sites list from Alexa (love them or hate them for their toolbars, but it is very nice of them to provide…

  • Preventing your site from becoming a spammer heaven

    Another resource to help webmasters keep their New Year's resolution: Preventing Virtual Blight, complete with video and slides 🙂

  • Circumventing web filtering software

    I was reading the Messing with Web Filtering Gateways post from GNU Citizen, and here are some comments / ideas: The problem is the impedance mismatch between the way the filtering software is parsing the headers and the way the webserver parses them. There will always be corner cases… For example, it would be interesting…

  • Using a single file to serve up multiple web resources

    While trying to set up my GHDB mirror, my first thought was to use googlepages. I quickly found the bulk upload to googlepages how to by X de Xavier, which is a very cool tool (and also an interesting way to hack your “chrome”), but unfortunately I found that Google Pages has a limit of…

  • GHDB mirror

    Seeing that the GHDB (Google Hacking DataBase) might soon disappear (the site was offline for weeks recently for example), I grabbed a mirror of it and put it up on a free hosting website (no, not that one) – enjoy it while it lasts: the main page a link to each individual entry – this…