Author Archives: nikifor
You are what you include: Large-scale evaluation of Remote JavaScript inclusions
Today, I am back to Belgium, after spending one week in the US. I was in Raleigh, NC, to attend the 19th ACM conference on Computer and Communication Security and to present our paper titled You Are What You Include: … Continue reading
Breaking McAfee’s Social Protection
On my usual daily visit to Slashdot, I read that McAfee introduced a new application called “McAfee Social Protection” for Facebook. In a nutshell, you install their plugin, allow their application to control quite a bit of your Facebook and … Continue reading
Google AdChoices…
They say a picture is worth a thousand words. How about two pictures? So, the important points of the above text are: “It’s our goal to make these ads as relevant and useful as possible for you. Google doesn’t create … Continue reading
To Google Chrome: Relax less…
I’ve recently been reading Michal Zalewski’s “The Tangled Web”, a book which tries to map the whole security landscape around browsers and Web applications in about 300 pages… it does a pretty good job. Now, in Chapter 9, he talks … Continue reading
El cheapo hosting, le open redirect…
Did you know that if you use a popular cheap web hosting product and you haven’t changed the default error pages of your sites, you are most likely hosting an open redirect? If not, read on. Suppose for a second … Continue reading
Bluehost.com made me feel blue…
Two years ago I decided to get a personal site. I was after two things: flexibility and low cost. I didn’t want to get a VPS but I also didn’t want the hosting packages of one domain and 350MB of … Continue reading
Stored XSS on Statcounter!!!
Stored XSS on popular Web statistics framework Statcounter. Log yourselves out of Statcounter and if possible disable JavaScript for the domain (possible in Chrome, not sure about Firefox)… Will give more details when Statcounter fixes it. The only reason I … Continue reading
What do you call?
Joke I just made up: What do you call a woman who first says to you “I love you” but ten minutes later she adds “I actually don’t, but don’t feel bad because I say that to all men”?
Firefox and Self-XSS
I still remember the good old days when I would just write “javascript:alert(document.cookie)” in my address bar and the browser would happily show me the JavaScript-accessible cookie values for the current domain. These were simpler days… Mid-2011 the developers of … Continue reading
If he was good enough…
Since the beginning of October I’ve been following the online AI course from Stanford, taught by Sebastian Thrun and Peter Norvig. In the last two months, I’ve given up a great part of my free time to look at videos, … Continue reading