Dear Google, You Are Giving Me a Poverty.

After reading that Google sent a blogger some acetaminophen after he wrote an article entitled “Dear Google, You Are Giving Me a Headache”, what the hell – thought it was worth a shot. No tags for this post.

Posted by on Jul 14, 2006 in Black Hat | 2 comments

Google Auctions XSS Proof of Concept

Note: Google has now fixed the vulnerability. After a recent article by the folks at NeoSmart.net http://neosmart.net/blog/archives/194 which seemingly downplayed the severity and danger posed by XSS (cross site scripting), I thought it pertinent to help elucidate just how powerful XSS can be. The vast majority of XSS proof-of-concepts are limited to simple javascript alerts. When visiting an XSS injected url, you see some pop up that warns you of the vulnerability. This is substantial enough for professionals to understand the severity of the injection, but to the average web user it seems no more dangerous than any other pop up they encounter. The truth is, however, that XSS is an extremely powerful method through which a criminal can rely on the trust a user...

Posted by on Jul 10, 2006 in Black Hat, Rants & Raves | 3 comments

Why XSS Vulnerabilities Do Matter…

“What matters in the end is that these products aren’t â€Å”defective” and not even truly insecure. They’ve been modified the way the language allows for them to be modified, no more no less.” – http://neosmart.net/blog/archives/194 I really like to temper my posts with politeness and general levels of respect, but I simply cannot in this case. Neosmart.com’s objections that XSS really is not a vulnerability are both ludicrous and dangerous. First, the insinuation above that states “they have been modified the way the language allows for them to be modified” is true, but is certainly not an accurate measure of vulnerability. Any language can be exploited if...

Posted by on Jun 23, 2006 in Black Hat | 1 comment

Spammer Vigilante

So check this out. Some guy at http://www.spam-blocker-resource.com caught a spammer using his wi-fi and tracked the guy down. Now he is looking for suggestions on what to do to him or his property. Has it really come to this? That people are so violently in support of their right not to be comment-spammed that they would resort to such vigilante actions? No tags for this post.

Posted by on Jun 22, 2006 in Black Hat | 2 comments

Shoemoney Contest Blog Spam…

I am assuming this has to do with the Shoemoney ranking contest, just thought it was a funny piece of spam considering it redirects to a blog I read almost daily 🙂 === Name: shoemoney | URI: http://www.imyourhuckleberry.info/ | IP: 85.214.59.14 | Date: June 1, 2006 shoemoney… nice shoemoney site at shoemoney http://www.imyourhuckleberry.info/ 27… No tags for this post.

Posted by on Jun 1, 2006 in Black Hat | 1 comment

About Jeff

Jeff Staub is the Director of Client Services at Virante, Inc. No tags for this post.

Posted by on May 24, 2006 in Black Hat | 0 comments