Archive for March, 2007
Yesterday I was playing around with some XUL stuff (I really like it) and so I came across a list of Firefox chrome URLs. Now have a look at the following three lines:
chrome://pippki/content/editcacert.xul -> Crashes browser when opened
chrome://pippki/content/editemailcert.xul -> Crashes browser when opened
chrome://pippki/content/editsslcert.xul -> Crashes browser when opened
Just put one of the [...]
The people who know me, also know that I’m the actual leader of the OWASP Switzerland Local Chapter and that’s why I also write something about the next meeting, which would be a little bit special.
We at the OWASP Switzerland Local Chapter would like to get in touch with other groups and individuals in Switzerland, [...]
This blog posting’s a small writeup about a topic I’ve first mentioned in my talk at the 0sec 2006 and at the last OWASP Switzerland Local Chapter Meeting (12. February 2007) I discussed it during my presentation about XSS-Worms. The topic I’m talking about, is one I personally call “Webbased Dynamic Botnets” because AFAIK nobody [...]
Today I had some time left in which I had nothing to do and so I tried out some stuff. This time I had my focus on Google Maps but don’t ask me why, I really don’t know it.
First thing’s something for the people who want to get a higher zoom level:
Let’s start [...]
Firefox Phishing Protection bypass still works in 2.0.0.2
3 Comments Published March 15th, 2007 in security

On the 10th February 2007, when Firefox 2.0.0.1 was the most recent, I already wrote a blog posting about how to bypass the phishing protection of Firefox. Now I checked this issue again in version 2.0.0.2 and hey, it’s still there. If you would like to check, just use the following example:
Evil phishing site:
http://144.131.138.116/www.paypal.com/webscr_cmd=_login-run1847/
Normal site [...]
Because all the time I demonstrate some simple XSS, people ask me why it looks so ugly after the attack. Take the following example to see what I mean:
This could happen when you exploit an XSS vulnerability, for example through a search input box, with the following JavaScript code:
"><script>alert(123);</script>
It’s not really hard now to get [...]
In a blog posting I’ve seen on the blog of Jeremiah Grossman, I saw something horrible. Today, we know what CAPTCHAs are and that it’s a simple method to protect, for example, a guestbook from spam entries. Now, this blog posting shows the following CAPTCHA:
OK, that’s really horrible I think and this because of [...]
People may ask why I wrote so few blog postings during the last days. For those people, I’d like to explain it.
As you might know I’m working in Berne for Dreamlab Technologies Ltd. but living in a town called Frauenfeld which’s about two hours per way by train. This was of course too much [...]
Today I’ve got a mail from one of my working colleagues in which he informed me about a web browser IDS called Firekeeper which can be used with Firefox.
As a small description I just copied the original project description here:
Firekeeper is an Intrusion Detection and Prevention System for Firefox. It is able to detect, block and warn [...]
I don’t know why but at least in the community of web hackers, there’s not a continuity in releasing stuff at all. Sometimes there’s nearly nothing interesting for about a week or two and then as soon as someone posts something cool, everyone has something to release, just as I already said: I don’t know [...]
About: You are currently browsing the Disenchant’s Blog weblog archives for March, 2007. Longer entries are truncated. Click the headline of an entry to read it in its entirety.