Archive for April 15th, 2008

I saw it on Planet Mozilla first, but it has apparently traveled through other planets.
Landing on Planet WebSecurity now...

[ma1@harpo]$ history|awk '{a[$2]++ } END{for(i in a){print a[i] " " i}}'|sort -rn|head
151 su
72 vi
40 ll
38 perl
37 ssh
35 cd
32 awk
15 grep
11 exit
9 makeswf
6 wget

I guess it means I feel a bit constrained and need to escalate my privileges much too often :P

Just read on Wired: Finnish Harry Sintonen reported a cross-site scripting vulnerability on the CIA's web site.
The article was published yesterday, the bug is not fixed yet... I can't believe secret service über-geeks do not read their logs: it must be a sneaky honey pot to convict hax0rs, dangerous Wired readers and possibly open source terrorists!

Actually, I could see quite a number of gaping XSS holes just on that search page which, as you can notice, is served through HTTPS, making it an excellent phishing hook.
I wonder if there's also a reserved area (e.g. a CMS) somewhere on the same domain (cookies, yum!)

Even if it's classified information, Wired itself revealed that attacks of this kind fail if you use Firefox + NoScript.
Am I already an Al-Qaeda target?

