2010 Mar 22, 8:40PDF overtakes Word as targeted attack vector of choice.
security office adobe pdf word powerpoint microsoft technical statistics internet malware 2009 Nov 17, 6:52"What if there was a backwards compatible way to transfer all of the resources that are used on every single page in your site โ CSS, JS, images, anything else โ in a single HTTP request at the start
of the first visit to the page? This is what Resource Package support in browsers will let you do." Another resource packaging implementation but this suggests they'll actually implement this in
FireFox. One issue with all of these is you can't use the resources from the package in any context that didn't ask to use the package for fear of security issues which means you can't stick the
packaged resources in your HTTP cache. The package itself could go in the cache which would mean multiple packages per page or all your page's resources in one package. Of course the same security
issues are a concern for all of the packaging proposals if a site has any way to inject into the source the request for the package. It'd be a similar vector to the UTF7 XSS issues but much worse
attack.
security web browser http zip firefox resource technical via:kris.kowal 2009 Aug 24, 4:57"This specification defines the features and syntax for Scalable Vector Graphics (SVG) Version 1.1, a modularized language for describing two-dimensional vector and mixed vector/raster graphics in
XML."
svg graphic web xml reference w3c technical 2009 Aug 21, 3:13"At Black Hat USA 2009 and Defcon 17 Nathan Hamiel and Shawn Moyer introduced an attack called Dynamic Cross-Site Request Forgery (CSRF). This white paper discusses the attack and discusses several
Dynamic CSRF attack vectors." Seems to require sites trying to secure CSRF scenarios using session IDs in their URLs.
security csrf research browser web technical 2009 Jun 12, 12:17Propaganda poster styled RTFM.
humor tshirt mao rtfm internet art propaganda 2008 Mar 8, 11:14Perhaps an IE plugin to support SVG by converting to VML could use this?
svg vml image convert gif vector opensource 2006 Apr 4, 5:30Conditional Comments and the Version Vector may be used to identify the browser version displaying an html page.
conditional-comment version-vector ie html web internet user-agent development dhtml reference msdn microsoft javascript
Some rights reserved