Say What, Flash is More Secure Than HTML5?!
So my favorite script kiddy and copycat, Feross (copied, note the shameless “I discovered” in his Quora post, LoL), found a social engineering flaw in the HTML5 fullscreen mode that can be used for...
HTML5 Mobile Apps – Injection Heaven, Security Hell
Three weeks ago Path.com was fined for stupidly stealing their users’ contact lists and saving them onto their servers. Path’s doing was obviously wrong but I’m not sure that their punishment was really...
The Promise of Mobile HTML5
Less than a year ago it seemed like HTML5 was going strong, with Facebook and LinkedIn adopting the technology to reach most of the screens on mobile and on the desktop. LinkedIn had the better...
The Pains and Remedies of Android HTML5
Prologue: I wrote most of this post some months ago and somehow didn’t publish it. Looking at it now, it’s a good reminder of some of the pains I’ve already forgotten. The Android version statistics...
SVG For Fun and Phishing
What an awesome format is SVG, so powerful and so well supported by browsers. And yet it is barely being used, it’s not getting the love it deserves. Well, browsers love SVG, perhaps too much… SVG...
Abusing The HTML5 Data-URI
After seeing in the previous post how Data-URIs can be used as a mechanism to easily carry malicious code, I’ll elaborate more about the issues it presents. Some of it merely exists from the way...
To Listen Without Consent – Abusing the HTML5 Speech
tl;dr; I found a bug in Google Chrome that allows an attacker to listen in on the user’s speech without any consent from the user and without any indication. Even blocking any access to the microphone under...
How to know when Chrome console is open
tl;dr; Although it’s not supposed to be supported – it’s possible to know whether the Chrome console is opened or not. Check it out. … Ever wondered if it’s possible to tell whether the browser’s...
The never ending browser sessions
tl;dr; The concept of session memory is not valid anymore in today’s browsers. Even sessionStorage is not cleared after closing the tab. It’s easily revived when clicking on “Reopen closed tab”. That...
Webcam spying with Chrome
tl;dr; Browsers don’t handle webcam permissions well enough. Users should be extremely wary about what’s going on in their browser. From a list of 30 bugs submitted to Google regarding that issue,...