Apr 13, 11

"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware."

Apr 08, 11

"After a few months of back and forth, the first stage of our HTTP Header research is now live on the Shodan website."

Mar 25, 11

Although the Firefox team has an entire page on the website dedicated to the new security features in Firefox 4, they seem to have forgotten to mention HTTP Strict Transport Security (HSTS).

Mar 11, 11

Microsoft says the vulnerability used by researcher Stephen Fewer to exploit Internet Explorer 8 has already been fixed in the RC and RTM versions of Internet Explorer 9.

Mar 11, 11

Research in Motion’s recent decision to add a WebKit browser to BlackBerry has immediately backfired.

Mar 11, 11

Charlie Miller kept his Pwn2Own winning streak intact with another successful hack of an Apple product.

Mar 10, 11

A team of security researchers from the French pen-testing firm VUPEN successfully exploited a zero-day flaw in Apple’s Safari browser to win this year’s Pwn2Own hacker challenge.

Mar 10, 11

Using three different vulnerabilities and clever exploitation techniques, Irish security researcher Stephen Fewer successfully hacked into a 64-bit Windows 7 (SP1) running Internet Explorer 8 to win this year’s CanSecWest hacker challenge.

Feb 03, 11

It's that time of year again and the Zero Day Initiative (ZDI) team here at HP TippingPoint is proud to announce the 5th annual Pwn2Own competition is back.

Jan 24, 11

It’s about assurance. It’s about establishing a degree of trust in a site’s legitimacy that’s sufficient for you to confidently transmit and receive data with the knowledge that it’s reaching its intended destination without being intercepted or manipulated in the process.

Jan 22, 11

Modern browsers are incredibly complex beasts, pushed well beyond their intended limits - and in that capacity, broken in more ways than we can imagine. We are only beginning to scratch the surface of all the design problems ahead of us - say, new and unexpected classes of UI vulnerabilities - but even within the bounds of what we understand and know how to fix, some fascinating and very human discourse patterns emerge... and will ultimately shape the future of the web.

Jan 01, 11

"I am happy to announce the availability of cross_fuzz - an amazingly effective but notoriously annoying cross-document DOM binding fuzzer that helped identify about one hundred bugs in all browsers on the market - many of said bugs exploitable - and is still finding more."

Dec 25, 10

"Exploit code for the vulnerability has been added to the Metasploit tool and a video has been posted to provide a demo of the severity."

Dec 25, 10

"Brian Kennish traded his job at Google for a table at Starbucks, where he works on his privacy software called Disconnect."
