Scary Beasts Security
JULY 20, 2010
Today I had the pleasure to post: [link] It is co-signed by some of my awesome fellow engineers who personally believe in what is written. Recent discussions and debates have shown that "responsible disclosure" is broken. It is badly named and ill-defined. Possibly the worst problem with responsible disclosure is that is permits known critical vulnerabilities to go unfixed for months or even years.
Privacy and Cybersecurity Law
JULY 31, 2010
Laura Gavioli has published an article in the June-July issue of the Journal of Tax Practice & Procedure. The piece addresses […].
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Scary Beasts Security
JULY 20, 2010
We've seen who is $1337 but who is $3133.7 ? I just launched this: [link] I've really enjoyed launching and now refreshing this program.
Scary Beasts Security
JULY 22, 2010
Firefox just released version 3.6.7 of their excellent browser, and it fixes this: [link] This leaves 4 of the 5 major browsers with fixes (more on this in an upcoming post), which is my threshold for documenting a little tweak to exploitability. It is partially inspired by Gareth Heyes' attack on E4X using character set overrides. For interesting background reading, see: [link] Turns out, the same character set override applies to loading cross-origin CSS via the tag.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Expert insights. Personalized for you.
50 
Let's personalize your content