Tales from the Crypto

         Alun Jones (Security MVP Reconnect) writes about security, cryptography, SSL, PKI, and pretty much anything else that bothers him enough.

Archive for November, 2013

November 12, 2013

Ways you haven’t stopped my XSS–Number 1, JavaScript Strings

Filed under: Programmer Hubris, XSS @ 10:54 pm

I saw this again today. I tried smiling, but could only manage a weak grin. You think you’ve defeated my XSS attack. How did you do that? Encoding or back-slash quoting the back-slash and quote characters in JavaScript strings. Sure, I can no longer turn this: <script> s_prop0="[user-input here]"; </script> […]

November 11, 2013

There is no such thing as “small sample code”

Filed under: General Security, Programmer Hubris @ 7:56 pm

Every few months, something encourages me to make the tweet that: “There is no such thing as ‘small sample code’; every sample you publish is an SDK of its own.” OK, so the choice of calling these “SDKs” is rooted in my Microsoft dev background, where “sample code” didn’t need documentation or bug tracking, whereas […]

November 9, 2013

A reminder of who I am, and what I do

Looking at my recent posts, I’ve noticed a few things – not only have I been posting very sporadically and randomly, but also I’ve been avoiding talking about a number of aspects of myself that are key to why I maintain this blog. In an effort to improve on that, I’m going to start with […]

November 3, 2013

In which a coffee store learns not to blacklist

Filed under: General Security, XSS @ 10:53 pm

I’ve been playing a lot lately with cross-site scripting (XSS) – you can tell that from my previous blog entries, and from the comments my colleagues make about me at work. Somehow, I have managed to gain a reputation for never leaving a search box without injecting code into it. And to a certain extent, […]

Why don’t we do that?

Reading a story on the consequences of the theft of Adobe’s source code by hackers, I come across this startling phrase: The hackers seem to be targeting vulnerabilities they find within the stolen code. The prediction is that they’re sifting through the code, attempting to find widespread weaknesses, intending to exploit them with maximum effect […]

© 2017 Tales from the Crypto. Provided by WPMU DEV - The WordPress Experts. Hosted by Microsoft MVPs.