hijack - Dave's Blog

Tweet from David_Risney

2015 Jul 30, 1:28
OK we get it, cars can be hacked http://arstechnica.com/security/2015/07/ownstar-researcher-hijacks-remote-access-to-onstar/ …

Hijacking user sessions with the Heartbleed vulnerability · Matt's Life Bytes

2014 Apr 8, 6:36

Just a quick tutorial on exploiting heartbleed for session hijacking. Is it worse to use https than http today?

Tags: technical security ssl heartbleed session-hijack

draft-nottingham-http-portal - The Network Authentication Required HTTP Status Code

2010 Oct 4, 2:05

Proposed 428 HTTP error code for hijacking proxies to indicate to the client that the user needs to log in to the network, etc. Glad to see this one's finally happening.

Tags: http http-status captive-portal hijack proxy authentication technical rfc reference

How Robber Barons hijacked the "Victorian Internet"

2009 Dec 2, 3:00

"These are tough questions, but the horrific problems of the "Victorian Internet" suggest that government overreach isn't the only thing to fear. In 1876, laissez-faire "freedom for all" meant (in practice) the freedom for Henry Nash Smith to read your telegrams if he didn't like who you supported for President. It meant freedom for Associated Press to block criticism of Western Union, and even to put potential critics and competitors out of business. And it meant freedom for a scoundrel to hijack the system at his leisure."

Tags: net-neutrality internet government politics communication telegraph technical

Bookmarklet of death: Domain hijacking without 0days | GNUCITIZEN

2009 Sep 23, 7:56

"I do understand that it would be annoying to warn users every time they run a bookmarklet, but I think it would be sensible to show a warning at least the first time a given bookmarklet is executed. If you work for a popular web browser vendor such as Microsoft or Mozilla, you can think of this as my wish for the day! I'd love to hear your feedback if you are reading this!"

Tags: technical bookmarklet bookmarklets security web webbrowser javascript

Hijacking the Outdoor Digital Billboard Network, DefCon (Tottenkoph, Rev and Philosopher)

2008 Sep 22, 1:47

Tottenkoph, Rev and Philosopher, "Hijacking the Outdoor Digital Billboard Network". DefCon talk presentation notes on hacking digital billboards.

Tags: hack defcon security billboard

Opera Speed Dial Code-less Hack for IE7

2007 Apr 17, 11:45

Opera (the fifth most popular web browser) has a new feature named Speed Dial (video of it in action). Whenever you open a new tab you get your Speed Dial view, which consists of nine thumbnails of user-settable pages. It's like a quick-favorites list that appears every time you open a new tab. I think this is a neat idea and was considering how I might do that in IE7. The following is my hack-y and ugly, but no-coding-required, version of Speed Dial for IE7. I like my hack and I'm about to expound upon it in unnecessary detail, so skip to the last paragraph if you're afraid of losing interest.

By default in IE7, whenever you open a new tab you navigate to 'about:Tabs'. As noted in Wikipedia, the result of navigating to 'about:Tabs' is determined by values in the registry, specifically the values under the key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs". Usually this fact is exploited by malicious software to hijack "about:blank" and show you ads, but we can hijack it too in order to display our Speed Dial-ish page.

Of course, since this is a code-less hack we've got limited options for what 'about:Tabs' can display. It should meet the following requirements.
  1. Something local so that our 'about:Tabs' doesn't disappear when we go offline and so that it's relatively fast.
  2. The user should be able to modify its content.
  3. Show links that the user uses.
  4. Show thumbnails of those links.
  5. Provide easy to use drag and drop interaction and generally look cool.

Now, I use del.icio.us, which allows me to store all of my favorites online and which provides RSS feeds that list my saved links. New in IE7 is an RSS platform that will, among other things, cache RSS feeds locally. So, by pointing about:Tabs to my del.icio.us feed 'http://del.icio.us/rss/sequelguy/quickreference' I get (1) from IE7's RSS support, and (2) and (3) from del.icio.us. Of course requirements (4) and (5) are missing but hey, I said this was ugly.

In summary, if you change the registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs!Tabs" to point to an RSS feed of your favorites, you can get a hack-y version of Opera's Speed Dial. I should note that although it's referenced on pages such as Wikipedia, changing your 'about:Tabs' URI in the manner I describe is not documented and not supported by Microsoft. There could be all kinds of horrible repercussions from this change of which I'm not aware. Yeah, actually you know what? Forget I said any of this. Pretend I never wrote it...

Tags: browser technical hack
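Because the same key is what ad-serving software rewrites, here is an added example (not part of the original post) of a PowerShell check that lists AboutURLs entries remapped away from built-in resources. The function names and the "unmodified entries are res:// URLs" heuristic are assumptions of this example, and the sample values are constructed.

```powershell
# Added example: audit the AboutURLs key for remapped about: pages.
# Assumption: unmodified entries are res:// URLs served from system DLLs,
# so any string value with another scheme deserves a closer look.
$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\AboutURLs'

function Find-RemappedAboutUrl {
    # Hypothetical helper: takes name/value pairs, returns suspicious ones.
    param([hashtable]$Values)
    foreach ($name in ($Values.Keys | Sort-Object)) {
        $data = $Values[$name]
        # Non-string values (for example DWORDs) are not URLs; skip them.
        if ($data -isnot [string]) { continue }
        if ($data -notmatch '^res://') {
            [pscustomobject]@{ Page = "about:$name"; Target = $data }
        }
    }
}

function Get-AboutUrlValues {
    # Hypothetical helper: reads every value under the key into a hashtable.
    param([string]$Path = $KeyPath)
    $result = @{}
    if (Test-Path $Path) {
        $key = Get-Item -Path $Path
        foreach ($n in $key.GetValueNames()) { $result[$n] = $key.GetValue($n) }
    }
    $result
}

# Constructed sample: one res:// entry, one numeric value, and the remapped
# Tabs entry described in the post.
$sample = @{
    blank = 'res://mshtml.dll/blank.htm'
    Home  = 270
    Tabs  = 'http://del.icio.us/rss/sequelguy/quickreference'
}
Find-RemappedAboutUrl -Values $sample | Format-Table -AutoSize

# On a Windows machine, run the same check against the live key.
$live = Get-AboutUrlValues
if ($live.Count -gt 0) {
    Find-RemappedAboutUrl -Values $live | Format-Table -AutoSize
}
```

On the constructed sample only `about:Tabs` is reported; an empty result from the live key means no entry has been pointed at a non-res:// target.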