• Flattr this

Archive for April 15th, 2008

15 04 2008

Passing Down History

Posted by: Giorgio in Mozilla

I’ve seen it on Planet Mozilla first, but it apparently traveled through other planets.
Landing on Planet WebSecurity now…

[ma1@harpo]$ history|awk ‘{a[$2]++ } END{for(i in a){print a[i] ” ” i}}’|sort -rn|head
151 su
72 vi
40 ll
38 perl
37 ssh
35 cd
32 awk
15 grep
11 exit
9 makeswf
6 wget

I guess it means I feel a bit constrained and need to escalate my privileges too much often :P

Comments 4 Comments »

15 04 2008

CIA Operation Ponies

Posted by: Giorgio in XSS, Mozilla, Security, NoScript

Just read on Wired: Finnish Harry Sintonen reported a cross-site scripting vulnerability on CIA’s web site.
The article has been published yesterday, the bug is not fixed yet… I can’t believe secret service über-geeks do not read their logs: it must be a sneaky honey pot to convict hax0rs, dangerous Wired readers and possibly open source terrorists!

Actually, I could see quite a number of gaping XSS holes just on that search page which, as you can notice, is served through HTTPS, making it an excellent phishing hook.
I wonder if there’s also a reserved area (e.g. a CMS) somewhere on the same domain (cookies, yum!)

Even if it’s classified information, Wired itself revealed that attacks of this kind fail if you use Firefox + NoScript.
Am I already an Al-Qaeda target?

Comments 2 Comments »

Bad Behavior has blocked 1699 access attempts in the last 7 days.