Category Archives: Security

Can Stick Figures Make AES More Understandable?

I sometimes come across informative explanations of concepts from other bloggers. Sometimes these explanations are more entertaining than I would ever be able to make them. I sometimes write explanations of concepts here and I try to present them in a way that will make readers interested in reading them. I also sometimes critique explanations […]

A Review of the Fourth Chapter of the Second Edition of “Hacking: The Art of Exploitation”

Those who have read my reviews of parts of the second edition of “Hacking: The Art of Exploitation” by Jon Erickson may not be surprised to see that I am continuing this series of reviews of sections of that book. At the end of my review of the third chapter of that book, I mentioned […]

URL Shortening Services and Their Security Implications

URL shortening services such as TinyURL.com have been in existence for years. These services that are used for creating shorter versions of long URLs have been considered useful for a long time. Now that micro-blogging services such as Twitter are often used, and because some of these services enforce a limit of 140 characters per […]

A Review of the Third Chapter of the Second Edition of “Hacking: The Art of Exploitation”

After I wrote a review of the first two chapters of the second edition of “Hacking: The Art of Exploitation” by Jon Erickson, I considered writing a review of the third chapter of it. Now that I have finished reading the third chapter of that book, which is the chapter on program exploitation, I review […]

Adblock Plus vs. NoScript: Inside the Dispute Between Two of the Best-Known Firefox Extensions

Whenever there is a dispute between two parties, discovering all of the important facts regarding the dispute can be difficult. There are two sides to every story about disputes between two parties. Those on one side of the dispute may accuse those on the other side of it of not being perfectly honest when giving […]

The Twitter XSS Worm and Lessons That Can Be Learned From It

In the last entry that I wrote here, I mentioned the XSS worm that affected Twitter. In this entry, I describe this worm in greater detail. In addition, I explain what can be done by end users so that they can avoid being victims of attacks such as these. This worm infected the profiles of […]

Do Not Remember Me: A Greasemonkey Script for Those Who Do Not Want to Be “Remembered” by Websites

It seems that nearly every website that has a form for logging into it includes an option for having the website “remember” the user. Some users find it convenient to be “remembered” by sites, as when they are remembered, they will not need to enter their usernames and passwords as often. However, there are disadvantages […]

The Importance of NoScript’s Surrogate Scripts

The tradeoff between security and convenience is one that users often face when browsing the web. Those who prefer security at the expense of convenience would prefer to use the Firefox extension called NoScript, which is an extension whose name emphasizes the measures it takes to secure the browser. There are those who would say […]

An Introduction to JavaScript Forms That Is Also an Introduction to How to Perform XSS Attacks

I sometimes take time to visit XSSed.com to see if any high-profile websites are, or have been, vulnerable to XSS attacks. I also look to see how long it takes websites to remove vulnerabilities to XSS attacks. High-profile websites such as Google and Facebook tend to have these vulnerabilities removed within short periods […]