Wikipedia Untrustworthy.

Not really anything to do with security, but I find this interesting. It's something I have said many times before. Now insiders within Wikipedia feel the same. They are going to start a "new" Wikipedia which will be called Veropedia. I did like the idea of Wikipedia, but it has become more and more a place where every silly thing is written down, and a lot of it is inaccurate as well. Quite true, because there is no way to know that the information is accurate, and accurate ALL the time. A couple of times I noticed that the Wiki editors just copy/paste websites without checking the accuracy.

Windows Genuine Advantage Plugin Detection.

Just so you know, here is a way to detect the latest Windows Genuine Advantage plugin that was installed in browsers like Firefox or Opera. The funny thing is that Microsoft relies on this plugin to detect whether the user's copy of Windows is legit, as seen in http://img.microsoft.com/downloads/includes/wga.js, where it creates a URI to proceed only if the "HashCode" is correct. Uhm, great security. But on top of that, it is spyware, isn't it?

More Sidebar Fun In FireFoxy.

Following up on the previous sidebar fun, here is something else I don't understand. This snippet just pops up a bookmark window automatically, in which you can hide a fake URI that goes to a malicious website. Now, this might be interesting for phishers because you can tell the script what to bookmark without showing the real URI. I guess it's what Mozilla calls "a minor issue". Well, for me it's obviously just another day frying the browser's features.

Mitnick Hacked Again.

Kevin's site was hacked again last month by defacers of Zone-H. It isn't the first time his site has been hacked. The first time Mitnick got hacked was when he was released from prison. A hacker calling himself "BugBear" added one page to Mitnick's corporate Web site on January 30, 2000 with a message, "Welcome back to freedom, Mr. Kevin," and added that "it was fun and easy to break into your box." He included a photograph of a polar bear with two cubs. He did that out of respect for Kevin. This time, there is no sign of respect.

Firefox File Focus Stealing.

A small update on what's happening. Hong has found a focus diversion flaw in Firefox which allows files to be uploaded. Normally it is not allowed to steal focus on form objects, but the cleverness of this hack lies in Hong's use of the HTML tag <label>. When a label gets focus, the focus transfers to the other element pointed to by the "for" attribute, so it can bypass the restriction. Very clever! Original post:

Spyjax: CSS History Hack Revival.

I found this link on Digg. Techtalkz.com talks about "Spyjax". Okay, don't worry, it is nothing new; it is only a new story about Jeremiah's CSS history hack. But the thing is that people keep posting his code everywhere while it isn't performing very well. It only works in one type of browser and not in all; in fact, it never worked in any browser I have. So I wrote a better version last year, but it seems no one knows about that script. This one is cross-browser, so here it goes again:
