Preventing page redirects to data:, in Safari
Safari has a built-in XSS auditor that tries to prevent reflective XSS attacks – where the attacker submits content through a POST request and it is immediately displayed back in the response. To do this it looks for tags, including <script> and <iframe>, in the POST params. If it finds any, it looks Read More »
Things Storm bookmarked this week / 19-10-11
Things we liked this week: Adam popped me over this rather nice interview with Peter Norvig giving a rundown of AI techniques employed by Google. It’s a long piece but well worth a read as it explains how some of the magic actually works. For once, Paul didn’t focus on the fail – this Read More »
Things Storm bookmarked this week / 05-10-11
Things we liked this week: …Liam was confused by people not understanding that the iPhone 4S is the iPhone 5 (not to mention the shameless ripping off by Apple of Google Latitude…). Meanwhile, he bookmarked: Amazon’s new Kindle without keyboard now shipping in the UK (but apparently UK folks don’t get the Kindle Touch, or ad-supported Kindles). He Read More »
Storm news roundup 23-09-11
Storm’s favourite web stories from the week… Liam: “This week I’ve been induced into a Video Game coma with the launch of Gears of War 3 and OnLive, and the EuroGamer expo yesterday in London. It’s not all play though – The OnLive service (http://www.onlive.co.uk) is a technical masterpiece. We’re huge fans of the technical challenges Read More »
Things Storm bookmarked this week / 21-09-11
Another week, another bunch of interesting web happenings. Here’s a few you may be interested in: Google+ opened their doors to everyone, with a whopping great homepage arrow thingy. At roughly the same time, I stumbled across this rather frank assessment of the service: “perfectly adequate, fun to stumble onto but completely irrelevant…”. Many in Read More »
XSS Vulnerability at PayPal could lead to Phishing
A cross-site scripting vulnerability (XSS) has been found in online payment processing firm PayPal’s website. The vulnerability allows arbitrary code execution and could be used in a Phishing attack to gather data from unsuspecting users.
Prevent Contact Form Spam Email Header Injection
A common technique employed by spammers to send large quantities of email is through the use of unsecured web forms like contact forms. The vulnerability they exploit is a form of Header Injection. There are several basic steps you can take to secure your web forms and prevent spam from originating from your website.
01782 673000 Phone Scam
I’ve just got off of the phone with the lovely people at …. I have no idea what company, they certainly weren’t Orange that’s for sure! It’s a scam, pure and simple.