Tweets
RT @internot_: First (?) MentalJS bypass: (function a() /'/+alert(location)+/'/)() // cc: @garethheyes //nice!
When reviewing obfuscated JS looking for DOM #XSS and you feel like it's a tough fight #DOMinatorPro is your jock cup http://bit.ly/Rgx5CM
Command line utility to query JSON: jq - http://stedolan.github.com/jq/ ; very handy
@bilcorry indeed the paper reminded me of some already viewed code.. that's the one we recommend together w/ x-frame header :)
RT @bilcorry: @WisecWisec BTW, if interested in framebusting script, this one improves on the one in the paper: https://www.codemagi.com/blog/post/194
@bilcorry ah whew thanks..I felt like being outside of my body ;P
I feel so annoyed when I find a research paper and I can't find the year of publication! Did I already read it? Is it old? http://crypto.stanford.edu/~dabo/pubs/papers/framebust.pdf …
(via @ethicalhack3r) @gerryeisenhaur:PayPal Bug Bounty -a lesson in not being a fuckup. http://30x.me/dv //gr8 reading & congrats paypal
@0x6D6172696F @randomdross actually when happens to me I do feel bad :)
RT @0x6D6172696F: RT @randomdross: Your retweets are bad and you should feel bad! < dear security "researchers", this :D
@0x6D6172696F ditto!-even if smtimes happens 2 me as well.I'd also add:"your references are bad and you should feel bad"#2sec"researchers"
@garethheyes you're better than me for sure, but I'll play with it for sure! #mentaljs
@garethheyes I was wondering what that MentalJS was...:)
RT @garethheyes: Introducing MentalJS my new sandbox that I've been working on over many months in my spare time http://www.thespanner.co.uk/2012/10/18/mentaljs-sandboxparser/ … //cool
RT @fmavituna: Why Bitcoin is a Prime Target for Hackers - http://www.scanmysite.net/blog/why-bitcoin-is-a-prime-target-for-hackers …
RT @ivanristic: Improved passive SSL fingerprinting in sslhaf http://bit.ly/V9rXjy
@_ikki @baythreat awesome! Will do it asap!
@totally_unknown it should, otherwise most of sites would be DOMXSSable including big 1s.U might be interested in http://bit.ly/ov4z02
Found a stored XSS in a Google application with: "));} catch(e) { alert(1) }// It's a bug in a swf exported function via ExternalInterface.
RT @dveditz: @WisecWisec @garethheyes fixed now in #Firefox 16.0.1 //awesome