Posted by SkyLined on October 31st, 2008 in JavaScript and Security
Dan Crowley recently released a paper (txt, pdf) describing how web servers installed on various Operating Systems (OS) respond differently to certain requests depending on which OS they are installed on…
Posted by SkyLined on October 23rd, 2008 in Browsers and Opera
If you want to automate running Opera to run fuzzers, you’ll find that once you’ve crashed Opera, it does not start as normal the next time you run it…
Posted by SkyLined on September 16th, 2008 in Browsers and JavaScript
I’ve put a new version of JSSh, my interactive JavaScript Shell, online at http://jssh.skypher.com. I’ve replaced the error handlers and object visualization routines, which should improve your grasp of what’s going on in various browsers…
Posted by SkyLined on September 8th, 2008 in Google and YouTube
If you want to listen to a certain song but don’t have the mp3, you can always look it up on YouTube…
Posted by SkyLined on September 4th, 2008 in Browsers, Chrome and Google
Finally I can talk about what I’ve been doing since I left Microsoft: I’ve been working on security for Google Chrome, trying to find as many vulnerabilities as possible before we shipped the beta. In the process I’ve found plenty of bugs in other browsers as well :)…
Posted by SkyLined on August 26th, 2008 in Firefox, Internet Explorer, JavaScript and Safari
I’ve created an example script that outputs a stack dump in JavaScript. It shows all the functions that have been called, their arguments and the values of these arguments. I find it to be very useful while writing complex JavaScripts - I use it in asserts and error handlers to find out why things go wrong quickly…
Posted by SkyLined on August 12th, 2008 in Browsers and xss
I discovered a type 1 XSS issue in the StumbleUpon website. Input in the POST form at http://www.stumbleupon.com/delete_account.php was not properly sanitized…
Posted by SkyLined on August 3rd, 2008 in ASCII Art and Shellcode
I’ve put some of the ASCII Art I’ve created over the years online here. This includes never before publicly released ASCII Art shellcode.
Posted by SkyLined on July 14th, 2008 in Safari and Security
Apple has released a patch for a remote code execution vulnerability that I reported to them…
Posted by SkyLined on May 20th, 2008 in JavaScript
I’ve created a command line version of JSSh, should you find a need for it like I did…