HSTS, standing for HTTP Strict Transport Security, is a relatively new standard that aims to bolster the strength of HTTPS connections. Hopefully it’s about to catch on. Google Chrome has supp
Author: Chris Evans
How do you execute code in a Turing-complete language via the <img> tag? Why, by combining an XSL transform into an SVG image of course! I stumbled across this old file in my archives: http://c
I find this bug interesting, because at first it looks like a relatively minor cross-origin leak. But with a bit of investigation, it has major consequences. The bug is specific to Internet Explorer,
A few weeks back, I published a demo that uses a serious Internet Explorer cross-origin violation to permit a malicious web page to force the visitor to make unwarranted tweets: http://seclists.org/