Archives 

  • 2008
    • December
      • Qwest XSS

        Here's a fun story about XSS and why we should take it seriously.

        Due to the location of my residence and the ineptness of my HOA, the buildings around me get fiber optic, but I can't. So I use Qwest DSL for my home internet access. While I'm not a huge fan of the company,

      • Reporting Security Holes

        With Russ's latest blog post came links to a few articles dealing with the recently exposed American Express XSS holes. In short, AmEx dealt with it badly, ignoring Russ's three attempts to contact them and only fixing the issue when it got posted publicly (after their PR watchdogs brough

      • cPanel Followup

        I just upgraded a few servers to the latest version of cPanel, which is supposedly fully PCI compliant.

        You may be wondering why, with its massively widespread use, cPanel wasn't already PCI compliant. Basically it dealt with a variety of SSL issues: the administration interface sup

      • Redirecting Safely

        I don't think this is news to the other security people, but as a developer, I had never heard of this issue. As far as I know, none of the developers I regularly work with had heard of it either (though using the code as recommended by the php.net manual will prevent it).

        In many P

    • October
    • September
    • August