vector - Dave's Blog

Search

PDF Most Common File Type in Targeted Attacks - F-Secure Weblog : News from the Lab

2010 Mar 22, 8:40PDF overtakes Word as targeted attack vector of choice.PermalinkCommentssecurity office adobe pdf word powerpoint microsoft technical statistics internet malware

Making browsers faster: Resource Packages ยท Alexander Limi

2009 Nov 17, 6:52"What if there was a backwards compatible way to transfer all of the resources that are used on every single page in your site โ€” CSS, JS, images, anything else โ€” in a single HTTP request at the start of the first visit to the page? This is what Resource Package support in browsers will let you do." Another resource packaging implementation but this suggests they'll actually implement this in FireFox. One issue with all of these is you can't use the resources from the package in any context that didn't ask to use the package for fear of security issues which means you can't stick the packaged resources in your HTTP cache. The package itself could go in the cache which would mean multiple packages per page or all your page's resources in one package. Of course the same security issues are a concern for all of the packaging proposals if a site has any way to inject into the source the request for the package. It'd be a similar vector to the UTF7 XSS issues but much worse attack.PermalinkCommentssecurity web browser http zip firefox resource technical via:kris.kowal

Scalable Vector Graphics (SVG) 1.1 (Second Edition)

2009 Aug 24, 4:57"This specification defines the features and syntax for Scalable Vector Graphics (SVG) Version 1.1, a modularized language for describing two-dimensional vector and mixed vector/raster graphics in XML."PermalinkCommentssvg graphic web xml reference w3c technical

Dynamic CSRF White Paper Posted โ€” Portal

2009 Aug 21, 3:13"At Black Hat USA 2009 and Defcon 17 Nathan Hamiel and Shawn Moyer introduced an attack called Dynamic Cross-Site Request Forgery (CSRF). This white paper discusses the attack and discusses several Dynamic CSRF attack vectors." Seems to require sites trying to secure CSRF scenarios using session IDs in their URLs.PermalinkCommentssecurity csrf research browser web technical

Mao RTFM vectorize by ~cmenghi on deviantART

2009 Jun 12, 12:17Propaganda poster styled RTFM.PermalinkCommentshumor tshirt mao rtfm internet art propaganda

Vector Converter | Installation notes

2008 Mar 8, 11:14Perhaps an IE plugin to support SVG by converting to VML could use this?PermalinkCommentssvg vml image convert gif vector opensource

About Conditional Comments

2006 Apr 4, 5:30Conditional Comments and the Version Vector may be used to identify the browser version displaying an html page.PermalinkCommentsconditional-comment version-vector ie html web internet user-agent development dhtml reference msdn microsoft javascript
Older Entries Creative Commons License Some rights reserved.