Scary Beasts Security

JULY 22, 2010

Firefox just released version 3.6.7 of their excellent browser, and it fixes this: [link] This leaves 4 of the 5 major browsers with fixes (more on this in an upcoming post), which is my threshold for documenting a little tweak to exploitability. It is partially inspired by Gareth Heyes' attack on E4X using character set overrides. For interesting background reading, see: [link] Turns out, the same character set override applies to loading cross-origin CSS via the tag.

50

50

Privacy and Cybersecurity Law

JULY 31, 2010

Laura Gavioli has published an article in the June-July issue of the Journal of Tax Practice & Procedure. The piece addresses […].

40

40

Scary Beasts Security

JULY 20, 2010

We've seen who is $1337 but who is $3133.7 ? I just launched this: [link] I've really enjoyed launching and now refreshing this program.

50

50

Scary Beasts Security

JULY 20, 2010

Today I had the pleasure to post: [link] It is co-signed by some of my awesome fellow engineers who personally believe in what is written. Recent discussions and debates have shown that "responsible disclosure" is broken. It is badly named and ill-defined. Possibly the worst problem with responsible disclosure is that is permits known critical vulnerabilities to go unfixed for months or even years.

Engineering 50

Engineering 50

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats