Michael Sutton's Blog
January 2007 - Posts
How Prevalent Are XSS Vulnerabilities?
How Prevalent Are Cross Site Scripting (XSS) Vulnerabilities? Based on a recent experiment, I wasn't surprised to see that they're everywhere and finding dozens at a time doesn't present much of a challenge. Back in September, 2006 I sought
Read More...
Evaluating Security Tools
All companies face the challenge of evaluating security tools that they will procure, but knowing where to start can be a daunting task. While there's no perfect way to ensure that a product meets your needs a little due diligence is essential. Fortunately,
Read More...
Decoding the Google Blacklist
After publishing last week's blog entitled ‘A Tour of the Google Blacklist' , I received a few queries about Google's encoded/hashed blacklist (enchash). This blacklist is separate from the unencoded blacklist that was the focus of the
Read More...
Microsoft Black Tuesday - January 2007
This month's bulletins leave us with two major headlines. First, ‘What happened to half of the bulletins?' and secondly, Internet Explorer 7.0 isn't apparently quite as bullet proof as advertised. Even before Black Tuesday arrived this
Read More...
A Tour of the Google Blacklist
[Update 01.10.07: In response to some of the queries that I've been receiving, I've published a follow up blog to discuss the structure/decryption algorithm of Google's Encoded/Hashed Blacklist .] I recently decided to devote a day to walking
Read More...
Search
Go
This Blog
Home
Email
Tags
0day
AJAX
Binary Search
Black Tuesday
blacklist
certificates
Code Search
ColdFusion
EV SSL
google
Microsoft
Patches
phishing
resolutions
SQL Injection
SSL
Web 2.0
XSS
Navigation
Home
Blogs
Forums
Photos
Downloads
Archives
January 2008 (1)
June 2007 (2)
May 2007 (1)
April 2007 (2)
March 2007 (1)
February 2007 (3)
January 2007 (5)
December 2006 (4)
November 2006 (4)
October 2006 (3)
September 2006 (6)
August 2006 (1)
SPI Links
SPI Product News
Developer Security
SPI Dynamics
SPICON 2006
Syndication
RSS 2.0
Atom 1.0