2010 Mar 22, 8:40
PDF overtakes Word as targeted attack vector of choice.
2009 Nov 17, 6:52
"What if there was a backwards compatible way to transfer all of the resources that are used on every single page in your site — CSS, JS, images, anything else — in a single HTTP request at the start
of the first visit to the page? This is what Resource Package support in browsers will let you do." Another resource packaging implementation, but this suggests they'll actually implement this in
Firefox. One issue with all of these is that you can't use the resources from the package in any context that didn't ask to use the package, for fear of security issues, which means you can't stick the
packaged resources in your HTTP cache. The package itself could go in the cache, which would mean multiple packages per page or all your page's resources in one package. Of course the same security
issues are a concern for all of the packaging proposals if a site has any way to inject into the source the request for the package. It'd be a similar vector to the UTF-7 XSS issues but much worse
2009 Aug 24, 4:57
"This specification defines the features and syntax for Scalable Vector Graphics (SVG) Version 1.1, a modularized language for describing two-dimensional vector and mixed vector/raster graphics in
2009 Aug 21, 3:13
"At Black Hat USA 2009 and Defcon 17 Nathan Hamiel and Shawn Moyer introduced an attack called Dynamic Cross-Site Request Forgery (CSRF). This white paper discusses the attack and discusses several
Dynamic CSRF attack vectors." Seems to require that the target site tries to secure against CSRF by using session IDs in its URLs.
2009 Jun 12, 12:17
Propaganda poster styled RTFM.
2008 Mar 8, 11:14
Perhaps an IE plugin to support SVG by converting to VML could use this?
2006 Apr 4, 5:30
Conditional Comments and the Version Vector may be used to identify the browser version displaying an HTML page.