Our Blog.

Preventing page redirects to data:, in Safari

Safari has a built-in XSS auditor that tries to prevent reflective XSS attacks – where the attacker submits content through a POST request and it is immediately displayed back in the response. To do this it looks for tags, including <script> and <iframe>, in the POST params. If it finds any, it looks …

May 22, 2015

Things Storm bookmarked this week / 19-10-11

Things we liked this week: Adam popped me over this rather nice interview with Peter Norvig giving a rundown of AI techniques employed by Google. It’s a long piece but well worth a read as it explains how some of the magic actually works. For once, Paul didn’t focus on the fail – this …

October 19, 2011

Things Storm bookmarked this week / 05-10-11

Things we liked this week: …Liam was confused by people not understanding that the iPhone 4S is the iPhone 5 (not to mention the shameless ripping off by Apple of Google Latitude…). Meanwhile, he bookmarked: Amazon’s new Kindle without keyboard now shipping in the UK (but apparently UK folks don’t get the Kindle Touch, or ad-supported Kindles). He …

October 5, 2011

Storm news roundup 23-09-11

Storm’s favourite web stories from the week… Liam: “This week I’ve been induced into a Video Game coma with the launch of Gears of War 3 and OnLive, and the EuroGamer expo yesterday in London. It’s not all play though – The OnLive service (http://www.onlive.co.uk) is a technical masterpiece. We’re huge fans of the technical challenges …

September 23, 2011

Things Storm bookmarked this week / 21-09-11

Another week, another bunch of interesting web happenings. Here are a few you may be interested in: Google+ opened their doors to everyone, with a whopping great homepage arrow thingy. At roughly the same time, I stumbled across this rather frank assessment of the service: “perfectly adequate, fun to stumble onto but completely irrelevant…”. Many in …

September 21, 2011

XSS Vulnerability at PayPal could lead to Phishing

A cross-site scripting (XSS) vulnerability has been found in online payment processing firm PayPal’s website. The vulnerability allows arbitrary code execution and could be used in a phishing attack to gather data from unsuspecting users.

May 16, 2008

Prevent Contact Form Spam Email Header Injection

A common technique employed by spammers to send large quantities of email is through the use of unsecured web forms like contact forms. The vulnerability they exploit is a form of Header Injection. There are several basic steps you can take to secure your web forms and prevent spam from originating from your website.

February 28, 2008

01782 673000 Phone Scam

I’ve just got off the phone with the lovely people at …. I have no idea what company, they certainly weren’t Orange that’s for sure! It’s a scam, pure and simple.

February 20, 2008