Opera browser
11 Oct 2009

Hijacking Opera’s Native Page using malicious RSS payloads

The Opera browser is a popular alternative to Internet Explorer, Google Chrome, and Safari.  Its clean look and unique features make it an appealing alternative to users unhappy with their current browser or anyone looking to try something new. However, as with most software products, Opera does have its drawbacks. 

info@securethoughts.com' 0
chrome browser security
11 Sep 2009

Exploiting Chrome and Opera’s inbuilt ATOM/RSS reader with Script Execution and more

The Google Chrome and Opera browsers present an interesting case study in how vulnerabilities can be exploited, in both instances through the respective browser’s embedded Rich Site Summary (RSS) reader. These vulnerabilities are triggered when a user clicks an RSS feed link from an email or in

Safari browser
11 Aug 2009

Hijacking Safari 4 Top Sites with Phish Bombs

It is extremely important to keep your software updated, particularly your web browser.  By way of example, consider older versions of the Safari Browser. One of the features of Safari is the “Top Sites” function, which stores a user’s favorite and most visited web sites.  Prior to version 4.0.3 though,

Opera browser
11 Aug 2009

Pwning Opera Unite with Inferno’s Eleven

One of the Opera Internet browser’s older functions, which has now been phased out, was Opera Unite.  Opera Unite allowed a browser to act as both a client and a server, allowing a user to receive web content and present web content, using the same browser. Although this feature was

css style sheets
11 Jul 2009

Hacking CSRF Tokens using CSS History Hack

Cross-site scripting, or XSS, is a well-known cyber security risk that allows malicious users to take control of, and exploit, a user’s system. Another security risk is Cross-Site Request Forgery (CSRF, or “sea surf”).  This risk allows someone to execute functions within a user’s authenticated session, thus the “forgery” portion

Internet Explorer Browser
11 May 2009

Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection

As our other posts have shown, keeping your software up-to-date is vital, especially with respect to security.  Software updates often have some type of security component to patch a known vulnerability.  By way of example, consider a cross-site scripting (XSS) vulnerability from previous versions of several popular web browsers. This
