more security articles

The Complete List

1. Persistent Cookies and DNS Rebinding Redux
2. iPhone SSL Warning and Safari Phishing
3. RFC 1918 Blues
4. Slowloris HTTP DoS
5. CSRF And Ignoring Basic/Digest Auth
6. Hash Information Disclosure Via Collisions - The Hard Way
7. Socket Capable Browser Plugins Result In Transparent Proxy Abuse
8. XMLHTTPReqest “Ping” Sweeping in Firefox 3.5+
9. Session Fixation Via DNS Rebinding
10. Quicky Firefox DoS
11. DNS Rebinding for Credential Brute Force
12. SMBEnum
13. DNS Rebinding for Scraping and Spamming
14. SMB Decloaking
15. De-cloaking in IE7.0 Via Windows Variables
16. itms Decloaking
17. Flash Origin Policy Issues
18. Cross-subdomain Cookie Attacks
19. HTTP Parameter Pollution (HPP)
20. How to use Google Analytics to DoS a client from some website.
21. Our Favorite XSS Filters and how to Attack them
22. Location based XSS attacks
23. PHPIDS bypass
24. I know what your friends did last summer
25. Detecting IE in 12 bytes
26. Detecting browsers javascript hacks
27. Inline UTF-7 E4X javascript hijacking
28. HTML5 XSS
29. Opera XSS vectors
30. New PHPIDS vector
31. Bypassing CSP for fun, no profit
32. Twitter misidentifying context
33. Ping pong obfuscation
34. HTML5 new XSS vectors
35. About CSS Attacks
36. Web pages Detecting Virtualized Browsers and other tricks
37. Results, Unicode Left/Right Pointing Double Angel Quotation Mark
38. Detecting Private Browsing Mode
39. Cross-domain search timing
40. Bonus Safari XXE (only affecting Safari 4 Beta)
41. Apple's Safari 4 also fixes cross-domain XML theft
42. Apple's Safari 4 fixes local file theft attack
43. A more plausible E4X attack
44. A brief description of how to become a CA
45. Creating a rogue CA certificate
46. Browser scheme/slash quirks
47. Cross-protocol XSS with non-standard service ports
48. Forget sidejacking, clickjacking, and carjacking: enter “Formjacking”