Search found 134 matches

by morganism
Mon Feb 20, 2017 10:38 pm
Forum: Security
Topic: New security header referrer policy wording
Replies: 1
Views: 2877

New security header referrer policy wording

a new security header for browser referer, and some explanations behind choices. https://scotthelme.co.uk/a-new-security-header-referrer-policy/ Recommendations "Which header you will want or need to use will depend on your requirements but there are some that you should probably stay away from...
by morganism
Fri Jan 13, 2017 7:44 pm
Forum: Security
Topic: Fingerprinting a comp behind the browser
Replies: 0
Views: 2435

Fingerprinting a comp behind the browser

Cross-browser machine fingerprinting catches some of the info behind the browser to tag specific machines. Finding graphic card features, CPU and cores, and installed writing scripts http://yinzhicao.org/ (Cross-)Browser Fingerprinting via OS and Hardware Level Features Tor blocks most of that info...
by morganism
Tue Dec 20, 2016 10:05 pm
Forum: Security
Topic: got a bounce from Boing, Boing article
Replies: 0
Views: 2372

got a bounce from Boing, Boing article

this was from an article on browser data leakage, http://webkay.robinlinus.com/ "This is a demonstration of all the data your browser knows about you. All this data can be accessed by any website without asking you for any permission. Most of the data points are educated guesses and not conside...
by morganism
Sun Dec 11, 2016 8:56 pm
Forum: Security
Topic: ADsafe, a limited java library
Replies: 2
Views: 2924

ADsafe, a limited java library

"ADsafe makes it safe to put guest code (such as third party scripted advertising or widgets) on a web page. ADsafe defines a subset of JavaScript that is powerful enough to allow guest code to perform valuable interactions, while at the same time preventing malicious or accidental damage or in...
by morganism
Sat Dec 10, 2016 12:32 am
Forum: Security
Topic: heads up on a stenographic ad attack
Replies: 1
Views: 2524

heads up on a stenographic ad attack

"Millions of readers who visited popular news websites have been targeted by a series of malicious ads redirecting to an exploit kit exploiting several Flash vulnerabilities." "Using the known Internet Explorer vulnerability CVE-2016-0162, the encoded script attempts to verify that it...
by morganism
Thu Nov 17, 2016 7:34 pm
Forum: Security
Topic: vulnerabilities induced by migrating to 64-bit platforms
Replies: 0
Views: 2012

vulnerabilities induced by migrating to 64-bit platforms

You could see this coming, but now they have a model to use in the search https://blog.acolyer.org/2016/11/17/twice-the-bits-twice-the-trouble-vulnerabilities-induced-by-migrating-to-64-bit-platforms/ "Many software vulnerabilities are rooted in subtleties of correctly processing integers, in p...
by morganism
Fri Oct 28, 2016 9:52 pm
Forum: Security
Topic: windows app tables vulnerable
Replies: 3
Views: 4823

windows app tables vulnerable

"In researching new code injection techniques for Windows, enSilo researchers discovered a way that attackers could use to write malicious code into an atom table and force applications using the table to retrieve and execute the code." http://www.darkreading.com/vulnerabilities---threats/...
by morganism
Tue Oct 18, 2016 9:36 pm
Forum: Security
Topic: Lurking Malice in the Cloud
Replies: 2
Views: 2640

Lurking Malice in the Cloud

Interesting, they are using separate containers, and only assemble a package right before delivery. http://sciencebulletin.org/archives/6542.html Xiaojing Liao, et al., “Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service,” ACM Conference on Computer and ...
by morganism
Mon Sep 12, 2016 9:37 pm
Forum: Security
Topic: MySQL zero day CVE-2016-6662
Replies: 0
Views: 2231

MySQL zero day CVE-2016-6662

There are going to be a lot of writeups on this, but figured I would start a placeholder now. "Both the authenticated access to MySQL database (via network connection or web interfaces such as phpMyAdmin) and SQL Injection could be used as exploitation vectors. The exploitation is interesting i...
by morganism
Mon Sep 12, 2016 9:23 pm
Forum: Web Tech
Topic: Task Manager for Firefox processes
Replies: 2
Views: 3415

Task Manager for Firefox processes

Looks like a good plugin, but don't know about trust. "The Task Manager interface for Firefox opens in a new window when you click on it. The information it displays list the type of task (e.g. web page or add-on), a description which usually is a name or title, memory use, process ID and infor...
by morganism
Thu Sep 01, 2016 8:59 pm
Forum: Security
Topic: How to steal a developer's local database
Replies: 1
Views: 2267

How to steal a developer's local database

DNS rebinding, and other requests.

http://bouk.co/blog/hacking-developers/

Bug or feature?
by morganism
Fri Aug 26, 2016 8:09 pm
Forum: Security
Topic: Computer scientists reveal history of third-party web tracki
Replies: 0
Views: 2122

Computer scientists reveal history of third-party web tracki

an article on the proliferation, and a new tool included in the latest Privacy Badger from EFF. Computer scientists reveal history of third-party web tracking http://sciencebulletin.org/archives/4610.html https://trackingexcavator.cs.washington.edu/ https://www.eff.org/privacybadger Interesting use ...
by morganism
Sun Jul 03, 2016 8:51 pm
Forum: Security
Topic: Foxit PDF reader hacked
Replies: 1
Views: 2316

Foxit PDF reader hacked

Security flier posted

download page, free one on the right column.

https://www.foxitsoftware.com/downloads/#Foxit-Reader