Computer Security Is My Interest!

Soroush Dalili’s Weblog

May 30

Another Simple DOM Viewer

What is inside of an object in my browser? What about you?

I’d written a simple JavaScript code in order to list the content of an HTML object. Now, I want to share it with you as well. Although in Mozilla Firefox it is not as good as FireBug, it is very simple and makes life easier! Moreover, it is very useful to get some ideas about misusing the DOMs for example to bypass the Same Origin Policy or even for Steganographic purposes. However, I do not advise you to use this JS code to steal users’ HTML objects in case of having an XSS in an application as you can write a faster and more reliable code for any special target.

So, it is just a code for playing in order to gain more experience and also having fun with DOMs. Please cite me or let me know if you find anything interesting by using it.

Click here for the demo and the code: http://0me.me/demo/tricks/DOM_Obj_Browse.html

Save it, Modify it, Enjoy and please do not forget me ;)

از این کد می توانید به منظور دیدن تمامی objectهای موجود در یک صفحه HTML استفاده کنید. این کد به شما کمک خواهد کرد تا شناخت بیشتری نسبت به اشیا موجود به دست بیاورید. حتی ممکن است بتوانید به کمک آن SOP را بایپس کنید یا از آن برای پیدا کردن ایده برای نهان نگاری (Steganography) استفاده کنید. لطفا در صورت یافتن اطلاعات جالب و یا آسیب پذیری مرورگرهی وب مرا نیز در جریان تحقیق خود قرار دهید. موفق باشید.

Jan 04

The Web Application Security Consortium Threat Classification v2.0

Normal Posts, Security Posts No Comments »

After OWASP updated its Top 10, now I’m very glad to quote this:

The Web Application Security Consortium (WASC) is pleased to announce the long awaited release of the WASC Threat Classification v2.0.

You can read more information from these links: http://projects.webappsec.org/Threat-Classification and http://projects.webappsec.org/f/WASC-TC-v2_0.pdf

Cheers,

Soroush

Tagged with: WASC Threat Classification v2.0 • Web Application Security Consortium Threat Classification

Dec 26

Mirror Blog

Normal Posts No Comments »

As my website cannot be opened from Iran, I made a mirror blog at: http://irsdl.wordpress.com/

However, I do not think that I can sync. the comments.

Cheers,

Soroush

Tagged with: Mirror Blog • soroush dalili blog

Dec 05

Google captured my privacy!

Normal Posts, Security Articles 2 Comments »

Google will be the best Firewall and Forensic Tool of the near future!

Google will (or already) know the users’ information!

News:

“Google pushes security with Public DNS” -> So, Google DNS can collect all the websites which is viewed by the users …

“Browsers use Google to detect web forgery -> So, a browser send a request to Google before openning a website for you! …

“The best search engine for all” -> So, Google can collect your keywords! …

“The best public mail service” -> So, Google can collect your emails …

“Google owned Youtube” -> So, Google can collect your videos …

“Google codes” -> So, Google can collect your source codes …

“Google documents” -> So, Google can collect your documents …

“Google photos” -> So, Google can collect your photos …

“Google messenger” -> So, Google can collect the messages …

“Most of the websites use Google web analyzer (tracker)” -> So, Google can track the websites’ information and also their customers! …

“Google Wave” -> So, Google can collect the blogs ,e-mails, instant messaging, FTPs, social networking’s, and so on’s information! …

“Google powerful translators” -> So, Google can understand why you are saying in other languages!

“Searchable images/sounds/videos by text or another object!” -> So, Google can search in users’ collected data …

“Chrome OS” -> So, Google can do anything with your computer …

AND etc (see http://www.google.co.uk/intl/en/options/ and http://www.googlelabs.com/)…

We are waiting for the most powerful shopping centre by Google!

However, we should trust Google in order to have happier and easier life!

Google = No Pain, No Gain!

Best wishes ;)

Soroush

Tagged with: Google captured my privacy • Google captured your privacy • Google is the best Firewall • Google is the best Forensic Tool • Privacy by Google

Nov 29

Travian Game Vulnerabilities in progress…

Normal Posts, Security Posts No Comments »

3 weeks ago, I sent an email about some small but effective vulnerabilities in Travian online game to its providers. By using these vulnerabilities a player can make several accounts by the same email address (because of a logical flaw), and also, he/she can login to other players’ accounts (by using an XSS vulnerability which is completely proved).

Now, I’m still waiting for their final response as I don’t want to be harmful for them!

Tagged with: logical flaw • travian game • travian hack • travian online game • website vulnerability • XSS Vulnerability

Previous Entries

Free WordPress Themes

Links

Symantec Security News

Symantec Endpoint Protection on Developer's Machine July 16, 2010
Hello We are currently migrating to SEP and we are testing the SEP client on a test server before putting it on a production server. At the moment we only use Antivirus and Antispyware protection for the client installs. The developers would like to know what files SEP is accessing during the file protection (We have created exclusions for our software). Is […]
clients got policy updates or not July 16, 2010
hi there, i have a little issue about getting policy updates on serveral users, can u tell me where to find it. i wan to ensure that clients received policy updates properly.... […]
SEP for Mac Internal LiveUpdate server, Java requirements? July 15, 2010
Hey guys! I currently setting up a test environment to run SEP (11.0.6) on my Macintosh machines. I have LUA 2.2.2.9 set up and correctly configured. We are moving our Macintosh machines to 10.6.4 (snow Leopard) and I am testing on this platform. I've created a client install package off of my Symantec Endpoint Protection Manager console and have […]

Google Reader

New Statesman - Beware those Black Swans July 15, 2010
Shared by Jeff Williams "Do not give children sticks of dynamite, even if they come with a warning label" The bestselling economist Nassim Nicholas Taleb argues that we can’t make the world financial system immune to shocks –– but we can make sure it’s much more robust by building randomness into our planning. […]
Understanding the market for buggy software: Complexity blurs line between bugs and features July 15, 2010
The prevalence of bugs in mainstream software is difficult to deny, but the reason for it is poorly understood and subject to debate. The question of why people accept buggy software, but not other products with similar levels of flawed design, is perhaps not a valid question. It is unrealistically optimistic to think that people would not accept “bugs” in p […]
"We Haven't Been Hacked" ...is not a metric July 15, 2010
An interesting thing happens when speaking with the few non-believers in Web Application Security out there. Many of them cite the it hasn't happened to me metric for why they don't feel the need to incorporate better security (or any at all) into their development programs. You know me though, by now, and probably know that I always have a follow- […]

Computer Security Is My Interest!

Another Simple DOM Viewer

The Web Application Security Consortium Threat Classification v2.0

Mirror Blog

Google captured my privacy!

Google will be the best Firewall and Forensic Tool of the near future!

However, we should trust Google in order to have happier and easier life!

Google = No Pain, No Gain!

Travian Game Vulnerabilities in progress…

Categories

Recent Posts

Links

Symantec Security News

Google Reader

New Vulnerabilities