A lifetime first, a corporation LISTENS!
Mon, 13 Oct 08 01:08:38 -0600
Greetings, fellow BagelBloggers!
In a lifetime first, TheOnion.com LISTENED to me about my exploit! (After I released the exploit into the wild)
After a month of attempted contact, I released the exploit on my favorite hacking forum, and within two days, the problem was fixed!
I guess the barrage of hackers visiting, and a few white(gray?)hats contacting them got them off their asses!
All of the other corporations never email me back, with the exception of one, google. They usually ...
Security Alert For Google Chrome, Safari, and IE
Thu, 25 Sep 08 17:37:29 -0600
This is The Bagel, reporting yet another security issue to look out for!
(Google) Chrome and Safari, I have discovered are vulnerable to multiple injections other than the standard nullbyte, line feed, carriage return, and tab.
UPDATE: After some rather creative programming, I have updated the XSS_Protect() function to remove the threat of this injection.
I have determined they are vulnerable to any character Between dec00-16 or hex00-0F
This poses huge XSS security concerns, as mos...
Be Afriad, be very afraid
Mon, 22 Sep 08 12:21:34 -0600
Be afraid, be VERY afraid.
I did a google search for "shopping carts" in search of a good shopping cart for a client of mine, and naturally, opted to PEN test the demos.
Not expecting to find any security holes in professional paid shopping carts, I went forward anyway.
What I found will shock and astound you.
XSS, SQL injection, potential database exposition, you name it, I found it.
I have been in a dither all day since discovering these exploits.
Natural...
Google Chrome Security
Sat, 20 Sep 08 20:01:52 -0600
I have run a preliminary security analysis, testing the most common XSS vectors.
I have to say, I was quite saddened to learn that it was vulnerable to every inline anchor JavaScript obfuscation I could think of.
However, most of the other common XSS vectors failed.
The biggest problem was the nullbyte injection. Most browsers do not allow the nullbyte injection, but Chrome does (the other one I know of is IE).
There are limits to the injection in Chrome, for example, the nul...
Updates on Google Chrome
Wed, 17 Sep 2008 01:36:36 -0600
Time for an update!
Google Chrome has excelled in some areas, but greatly failed in others.
New Awesome Stuff Found:
- JavaScript Debugger
- Resource Manager
- Element Navigator
- Task Manager
- Very Nice View-Source Option
- Incognito Window
- Application Shortcuts
- Drag-and-Drop Download System*
- Everything Works Out of the Box
- Multiple Homepages Much Easier Than FireFox
Bad Stuff:
- No Extension