Webcam spying with Chrome
tl;dr; Browsers don’t handle webcam permissions well enough. Users should be extremely wary about what’s going on in their browser. From a list of 30 bugs…
tl;dr; The concept of session memory is not valid anymore in today’s browsers. Even sessionStorage is not cleared after closing the tab. It’s easily revived…
tl;dr; I’ve created a mechanism that will leverage the secure nature of the browser sessionStorage or memoryStorage for authentication and will still allow the…
tl;dr; Although it’s not supposed to be supported – it’s possible to know whether the Chrome console is opened or not. Check it out. Reddit discussion. … Ever…

tl;dr; I found a bug in Google Chrome that allows an attacker to listen to the user’s speech without any consent from the user and without any indication. Even…
Prologue: I’ve written most of this post some months ago and somehow didn’t publish it. Looking at it now, it’s a good reminder of some of the pains I already…
Less than a year ago it seemed like HTML5 was going strong. With Facebook and Linkedin adopting the technology to reach most of the screens on the mobile and…
Three weeks ago Path.com was fined for stupidly stealing their users’ contact lists and saving them onto their servers. Path’s doing was obviously wrong but I’m…

So my favorite script kiddy and copycat, Feross (copied, note the shameless “I discovered” in his Quora post, LoL) found a social engineering flaw in the HTML5…
The problem with the built-in toFixed function in JavaScript is that it always rounds the numbers. It’s like calling Math.round(). Call 9.513.toFixed() => 10…
Not dealing much with HTML lately, I’ve only noticed this new feature now. The thing is that HTML5 lets you change the page’s URL path without refreshing the…
The challenges of presenting large amounts of data visually in a way that one will be able to easily digest and understand are becoming more relevant daily.…
Disclaimer: I’ve written this post a few weeks ago when I was a bit pissed, so it has some ranting-ness in it. I do have a soft side for Flash, but, as I…
This is by no means a full technical comparison between these technologies, just a chat between 2 geeks. One is a skeptic backend dude 😉 and the other one is…
Update: Adobe has fixed this issue by framebusting the Settings Manager pages. Now, 99.9% of the users are protected from this specific exploit. Congrats on…

Recently, a questionable Flash feature of writing to the user’s clipboard has been exploited. Adobe will finally fix this feature and it’ll require user…

Update: Added a sterilized demo and the source code. CSRF (Cross Site Request Forgery) is considered one of the most widely spread exploits in websites today.…
Update: I’ve posted a real world example of this bug being exploited. This one has the same behavior on IE6, IE7 and IE8 betas. I have only tested this with…
Update: Adobe Product Security Incident Response Team (PSIRT) has referred to this “Clipboard attack” Update 2: Aviv Raff has updated me about the fact that it…
Microsoft recently released the SilverLight version of their Download Center. It’s a nice demonstration of the SilverLight technology. But, looking under the…
There are some known issues with swfobject and ASP.NET; in fact it’s not just with swfobject but also with the Flash object in general. One issue of using…
This might sound familiar to you: the idea of writing Object Oriented code that allows compile-time checking and good code design, and that is then compiled…

You might call it Pimp if you want it to sound cooler, but all in all pikipimp.com will help you make fun of people by uglying their images. Check out how I’ve…
I’ve seen too many wrong or old solutions for sending query string variables into Flash (page.html?var1=Jon&var2=Smith… etc.). In fact, if you google it…

It occurs to me that too many people are not aware of Flash 8’s new and shiny ExternalInterface and are still using fscommand and setVariable or getURL for…