Comments for SecureThoughts.com http://securethoughts.com Inferno's Blog on Application Security Fri, 02 Apr 2010 17:28:55 -0700 http://wordpress.org/?v=abc hourly 1 Comment on Hacking CSRF Tokens using CSS History Hack by donb http://securethoughts.com/2009/07/hacking-csrf-tokens-using-css-history-hack/comment-page-1/#comment-322 donb Fri, 02 Apr 2010 17:28:55 +0000 http://securethoughts.com/?p=581#comment-322 All of this discussion is very interesting. It looks like the world is still safe when CSRF is implemented with long tokens. All of this discussion is very interesting. It looks like the world is still safe when CSRF is implemented with long tokens.

]]> Comment on Millions of PDF invisibly embedded with your internal disk paths by Falha no Internet Explorer permite o vazamento de 50 milhões de arquivos confidenciais | D. G. Na Web http://securethoughts.com/2009/11/millions-of-pdf-invisibly-embedded-with-your-internal-disk-paths/comment-page-1/#comment-321 Falha no Internet Explorer permite o vazamento de 50 milhões de arquivos confidenciais | D. G. Na Web Sat, 13 Mar 2010 01:00:54 +0000 http://securethoughts.com/?p=1027#comment-321 [...] como prefere ser chamado o pesquisador do blog SecureThoughts, explica que documentos ‘impressos’ em PDF, a partir do IE, usando ferramentas como [...] [...] como prefere ser chamado o pesquisador do blog SecureThoughts, explica que documentos ‘impressos’ em PDF, a partir do IE, usando ferramentas como [...]

]]> Comment on Hacking for XSS inside noscript html tags by anwar http://securethoughts.com/2009/02/hacking-for-xss-inside-noscript-html-tags/comment-page-1/#comment-319 anwar Tue, 09 Mar 2010 19:42:02 +0000 http://securethoughts.com/?p=112#comment-319 Encoding will work. Nice work. Encoding will work. Nice work.

]]> Comment on Millions of PDF invisibly embedded with your internal disk paths by PDF’s op websites lekken privégegevens - Paone Techinfo http://securethoughts.com/2009/11/millions-of-pdf-invisibly-embedded-with-your-internal-disk-paths/comment-page-1/#comment-312 PDF’s op websites lekken privégegevens - Paone Techinfo Thu, 17 Dec 2009 00:27:19 +0000 http://securethoughts.com/?p=1027#comment-312 [...] met verwijzingen naar interne schijflocaties, stelt beveiligingsbureau Inferno op basis van een eigen onderzoek. Volgens Inferno betekent dit een privacyrisico. Schijflocaties bevatten immers vaak de namen van [...] [...] met verwijzingen naar interne schijflocaties, stelt beveiligingsbureau Inferno op basis van een eigen onderzoek. Volgens Inferno betekent dit een privacyrisico. Schijflocaties bevatten immers vaak de namen van [...]

]]> Comment on Millions of PDF invisibly embedded with your internal disk paths by Bookmarks for November 3rd through December 16th at Ed Smiley’s Blog http://securethoughts.com/2009/11/millions-of-pdf-invisibly-embedded-with-your-internal-disk-paths/comment-page-1/#comment-311 Bookmarks for November 3rd through December 16th at Ed Smiley’s Blog Thu, 17 Dec 2009 00:10:29 +0000 http://securethoughts.com/?p=1027#comment-311 [...] Millions of PDF invisibly embedded with your internal disk paths | SecureThoughts.com – [...] [...] Millions of PDF invisibly embedded with your internal disk paths | SecureThoughts.com – [...]

]]> Comment on Millions of PDF invisibly embedded with your internal disk paths by blog index http://securethoughts.com/2009/11/millions-of-pdf-invisibly-embedded-with-your-internal-disk-paths/comment-page-1/#comment-309 blog index Fri, 11 Dec 2009 21:29:19 +0000 http://securethoughts.com/?p=1027#comment-309 <strong>PDF Speedlinking—A Few Noteworthy Articles...</strong> It’s that time again. Every year, from around late November to the end of December, I usually start getting that “rushed” feeling where everything gets busier.   You’re trying to fit in some extra Christmas shopping on your lunch break, try... PDF Speedlinking—A Few Noteworthy Articles…

It’s that time again.
Every year, from around late November to the end of December, I usually start getting that “rushed” feeling where everything gets busier.   You’re trying to fit in some extra Christmas shopping on your lunch break, try…

]]> Comment on Millions of PDF invisibly embedded with your internal disk paths by Galameth http://securethoughts.com/2009/11/millions-of-pdf-invisibly-embedded-with-your-internal-disk-paths/comment-page-1/#comment-307 Galameth Sat, 05 Dec 2009 11:28:29 +0000 http://securethoughts.com/?p=1027#comment-307 I had forgotten how fun google hack searching could be till I did your suggested search with .gov, .mil, etc. filetype:pdf file c .gov filetype:pdf file c .mil and so on. I had forgotten how fun google hack searching could be till I did your suggested search with .gov, .mil, etc.

filetype:pdf file c .gov
filetype:pdf file c .mil

and so on.

]]> Comment on Millions of PDF invisibly embedded with your internal disk paths by David http://securethoughts.com/2009/11/millions-of-pdf-invisibly-embedded-with-your-internal-disk-paths/comment-page-1/#comment-306 David Tue, 01 Dec 2009 15:02:48 +0000 http://securethoughts.com/?p=1027#comment-306 I found my userID in a PDF that I printed to the Adobe PDF printer from our corporate web site. This was not a html file on my local machine. It was embedded as myuserID I found my userID in a PDF that I printed to the Adobe PDF printer from our corporate web site. This was not a html file on my local machine. It was embedded as myuserID

]]> Comment on Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection by hacky http://securethoughts.com/2009/05/exploiting-ie8-utf-7-xss-vulnerability-using-local-redirection/comment-page-1/#comment-303 hacky Sat, 28 Nov 2009 16:33:08 +0000 http://securethoughts.com/?p=223#comment-303 To make things worse MS put the same IE code on windows 7 too... latest IE still vulnerable... To make things worse MS put the same IE code on windows 7 too… latest IE still vulnerable…

]]> Comment on Millions of PDF invisibly embedded with your internal disk paths by Falla en Internet Explorer expone a usuarios de archivos PDF : Blogografia http://securethoughts.com/2009/11/millions-of-pdf-invisibly-embedded-with-your-internal-disk-paths/comment-page-1/#comment-296 Falla en Internet Explorer expone a usuarios de archivos PDF : Blogografia Thu, 26 Nov 2009 01:21:38 +0000 http://securethoughts.com/?p=1027#comment-296 [...] Pese a que sus versiones posteriores son mucho más confiables, la ignota firma de seguridad Inferno reveló que todas las ediciones de IE son vulnerables a una falla que involucra a los archivos PDF. “Encontré un interesante problema de privacidad, que ocurre cuando se usa Internet Explorer para imprimir páginas web guardadas en el disco duro como PDF y afecta a todas las versiones, incluida IE8″, explicó esta desconocida empresa en su blog. [...] [...] Pese a que sus versiones posteriores son mucho más confiables, la ignota firma de seguridad Inferno reveló que todas las ediciones de IE son vulnerables a una falla que involucra a los archivos PDF. “Encontré un interesante problema de privacidad, que ocurre cuando se usa Internet Explorer para imprimir páginas web guardadas en el disco duro como PDF y afecta a todas las versiones, incluida IE8″, explicó esta desconocida empresa en su blog. [...]

]]>