www.tomanthony.co.uk
Short version: Zoom meetings were default protected by a 6 digit numeric password, meaning 1 million maximum passwords. I discovered a vulnerability in the Zoom web client that allowed checking if a password is correct for a meeting, due to broken CSRF and no rate limiting. This enabled an attacker to attempt all 1 million passwords in a matter of minutes and gain access to other people’s private
Short version: Googlebot is based on Google Chrome version 41 (2015), and therefore it has no XSS Auditor, which later versions of Chrome use to protect the user from XSS attacks. Many sites are susceptible to XSS Attacks, where the URL can be manipulated to inject unsanitized Javascript code into the site. Since Googlebot executes Javascript, this allows an attacker to craft XSS URLs that can man
I was conducting some experiments on how Googlebot parses and renders Javascript, and I came across a couple of interesting things about the way it does so. The first is that Googlebot’s Math.random() function produces an entirely deterministic series. I created a small script which uses this to identify Google in an obfuscated fashion: http://www.tomanthony.co.uk/fun/googlebot_puzzle.html The first
This is a demonstration of how a website can detect which Social Networks a user is logged into when they visit. In my tests it seems to work in all the major browsers (Firefox, Chrome, IE 7+, Safari and Opera). For details please see my post on how to detect which social networks your visitors are logged into. If you want to prevent sites from being able to detect this then for Firefox you can tr
The quick version: I’ve found a way to abuse the login mechanism for both Twitter and Google to detect whether a user is logged in to that service. Facebook provides an API for this. So I provide a cross-browser javascript template that works for all 3 networks. If you want to get straight to the code jump to the implementation section or check out the Social Network Login Status Detector Demo. In
Now that the Google +1 button is out the Social SEO battle will inevitably be stepped up a gear. We know the search engines are using social shares and likes to impact the rankings, and Google’s +1 button is their way of ensuring at least some of this data is directly in their hands. So obviously, tracking this data is very important for SEOs, and both Facebook and Twitter have APIs for pulling in