An interesting way to use the report-uri feature of CSP to detect whether a user is logged into Google, Facebook, etc.
Hackers “are learning that it’s not so easy to write secure code,” Toro says. “Most of us in the business of securing our applications and systems know that bulletproofing software is an extremely expensive and exhaustive undertaking. Malware creators who have to look to their own defences would have to slow down the production of new attacks.”
FYI, if you want to know what it looks like when you hack a hacker, look no further than the seminal 1995 film Hackers.
First they came for our RSS feeds and I said nothing…
A high-profile fork: one year of Blink and Webkit
Some very high-level stats and analysis of the Blink fork from WebKit.
Google’s XSS training game. Learn how to find XSS issues for fun and profit.