dnsxss tool helps you inject via DNS
…what it does is, essentially, respond to DNS requests for CNAME, MX, TXT, and NS records with Javascript code. … how about SQL injection?
Stripe is running a web security capture the flag - a series of increasingly difficult web security exploit challenges. I've finished it and had a lot of fun. Working on a web browser I knew the theory of these various web based attacks, but this was my first chance to put theory into practice with:
Here's a blog post on the CTF behind the scenes setup which has many impressive features including phantom users that can be XSS/CSRF'ed.
I'll have another post on my difficulties and answers for the CTF levels after the contest is over on Wed, but if you're looking for hints, try out the CTF chatroom or the level specific CTF chatroom.
CGI for the IKEA catalog:
That couch catching your eye in the 2013 edition of IKEA’s new catalog may not be a couch at all. It is likely the entire living room was created by a graphic artist. In fact, much of the furniture and settings in the 324-page catalog are simply a collection of pixels and polygons arranged on a computer.
|
From: David Risney
Views: 75
0 ratings
|
|
| Time: 00:43 | More in People & Blogs |
Winterton, a senior entomologist at the California Department of Food and Agriculture, has seen a lot of bugs. But he hadn’t seen this species before.
There’s no off switch when you’re the senior entomologist. If you’re browsing the web you find your way to Flickr photos of insects or start correcting Wikipedia articles on insects.
“tl;dr I just made a tool to transform any javascript code into an equivalent sequence of ()[]{}!+ characters. You can try it here, or grab it from github or npm. Keep on reading if you want to know how it works.”
JavaScript has some crazy implicit casts.
A python script that d3crypt5 the input pipe’s ASCII content from ASCII garbage slowly into the correct output.
Meet Sarcastic Mars Rover, now on Twitter, doing a science all over your everything.
Meet your new twitter friend.
|
From: David Risney
Views: 69
0 ratings
|
|
| Time: 00:53 | More in People & Blogs |
We believe Knight accidentally released the test software they used to verify that their market making software functioned properly, into NYSE’s live system.
I get chills breaking the build at work. I can’t imagine how much worse it would feel to deploy your test suite and destroy the company you work for.
(via Pareidoloop)
“Phil McCarthy’s Pareidoloop overlays randomly generated polygons on top of one another until facial recognition software recognizes a human face. Can’t sleep, at SIGGRAPH! [via @Brandonn]”
Chaos Monkey randomly kills your Amazon Web Service VMs increasing the failure rate forcing your web service to deal with it.
The U.S. Census Bureau today released a new online service that makes key demographic, socio-economic and housing statistics more accessible than ever before. The Census Bureau’s first-ever public Application Programming Interface (API) allows developers to design Web and mobile apps to explore or learn more about America’s changing population and economy.
One persons quest to watch the Olympics online.
The location requirements (guessed at via IP address) are irritating. The requirement that you have a particular cable subscription to view video online seems like not network neutrality.
Also this related article:
http://techcrunch.com/2012/07/27/nbc-olympic-opening-ceremony/
Breakdown of the bytes of a Windows executable in a big old chart!
Some rights reserved