Hyperlink Spoofing and the Modern Web

Over the past six months or so I’ve been looking at hyperlink spoofing threats as a bit of a part-time project.  I’ve primarily been interested in how the design of social networking platforms impacts the ability of their users to make good trust decisions regarding hyperlinks.  The interaction between social networking services and short-link services…

Creating XSS

I’ve seen MS10-002 pop up a few times in discussion recently.  This is a reference to the legendary issue that David Lindsay and Eduardo Vela Nava discovered, where neutering for a given heuristic actually enabled XSS, assuming attacker control of data inside a properly quoted HTML attribute.  I’d like to share some detail about the tools the XSS Filter has…
