Scary Beasts Security

JULY 22, 2010

Firefox just released version 3.6.7 of their excellent browser, and it fixes this: [link] This leaves 4 of the 5 major browsers with fixes (more on this in an upcoming post), which is my threshold for documenting a little tweak to exploitability. It is partially inspired by Gareth Heyes' attack on E4X using character set overrides. For interesting background reading, see: [link] Turns out, the same character set override applies to loading cross-origin CSS via the tag.

50

50

Privacy and Cybersecurity Law

JULY 31, 2010

Laura Gavioli has published an article in the June-July issue of the Journal of Tax Practice & Procedure. The piece addresses […].

40

40

Scary Beasts Security

JULY 20, 2010

Today I had the pleasure to post: [link] It is co-signed by some of my awesome fellow engineers who personally believe in what is written. Recent discussions and debates have shown that "responsible disclosure" is broken. It is badly named and ill-defined. Possibly the worst problem with responsible disclosure is that is permits known critical vulnerabilities to go unfixed for months or even years.

Engineering 50

Engineering 50

Scary Beasts Security

JULY 20, 2010

We've seen who is $1337 but who is $3133.7 ? I just launched this: [link] I've really enjoyed launching and now refreshing this program.

50

50

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software