homakov.blogspot.com

Egor Homakov

Security consulting: Sakurity (https://sakurity.com). Twitter: @homakov (http://twitter.com/homakov). Subscribe to our new blog! (https://sakurity.com/blog)

http://homakov.blogspot.com/


TRAFFIC RANK FOR HOMAKOV.BLOGSPOT.COM

TODAY'S RATING

>1,000,000

TRAFFIC RANK - AVERAGE PER MONTH

BEST MONTH

February

AVERAGE PER DAY OF THE WEEK

HIGHEST TRAFFIC ON

Monday


CUSTOMER REVIEWS

Average Rating: 4.5 out of 5 with 11 reviews
5 star: 5
4 star: 6
3 star: 0
2 star: 0
1 star: 0



LOAD TIME

0.4 seconds

CONTENT SCORE

6.2

PAGE TITLE
Egor Homakov | homakov.blogspot.com Reviews
META DESCRIPTION
Security consulting: Sakurity (https://sakurity.com). Twitter: @homakov (http://twitter.com/homakov). Subscribe to our new blog! (https://sakurity.com/blog)
META KEYWORDS
1 egor homakov
2 security consulting sakurity
3 twitter @homakov
4 new blog
5 author
6 no comments
7 right now
8 say race condition
9 9 comments
10 by sergey belove
KEYWORDS ON PAGE
egor homakov,security consulting sakurity,twitter @homakov,new blog,author,no comments,right now,say race condition,9 comments,by sergey belove,digitalocean uses doorkeeper,not applicationcontroller,response type=code method= post,that's why,8 comments
SERVER
GSE
CONTENT-TYPE
utf-8

INTERNAL PAGES

1

Egor Homakov: Hacking rails/rails repo

http://homakov.blogspot.com/2012/03/how-to.html

Subscribe to our new blog! Sunday, March 4, 2012. So I committed in rails/rails repo. I simply added an input value=USER_ID name=public_key[user_id] field to the Public key update form, where USER_ID = 4223 (from https://api.github.com/users/rails). Backend didn't whitelist accessible attributes and had something like this: key = PublicKey.find(params[:id]); key.update_attributes(params[:public_key]) # Oh no! We passed public_key[user_id] of our victim! Thoughts on this from 2014. March 4, 2012 at 2:19 PM.

2

Egor Homakov: Bitstamp problem and warm wallets

http://homakov.blogspot.com/2015/01/bitstamp-problem-and-warm-wallets.html

Subscribe to our new blog! Wednesday, January 7, 2015. Bitstamp problem and warm wallets. We are publishing an exciting report on Peatio Exchanger soon and I've got quite a few thoughts on how to make exchangers' architecture and wallets more secure. Then I see this. Five Million. Dollars. In a hot wallet. Ok, sure it's not everything they had. It's a small part of their assets. But I'm not going to believe this hack is not a big deal for them. I bet they are a little bit upset. Another thing warm walle...

3

Egor Homakov: Bypassing ClearClick and X-Frame-Options:Visible

http://homakov.blogspot.com/2014/09/bypassing-clearclick-and-x-frame.html

Subscribe to our new blog! Tuesday, September 2, 2014. Bypassing ClearClick and X-Frame-Options:Visible. I bet you know what Clickjacking (CJ) is. Old problem everybody's tired of hearing of. There are three types of web pages. Don't need to be shown in iframes but have no X-Frame-Options. Basically 99% or more of pages; CJ only exists due to poor design of the web which made framing of cross-domain pages possible without their consent. But there is another kind of pages - widgets. They do need. We don't kno...

4

Egor Homakov: Two "WontFix" vulnerabilities in Facebook Connect

http://homakov.blogspot.com/2014/01/two-severe-wontfix-vulnerabilities-in.html

Subscribe to our new blog! Sunday, January 26, 2014. Two "WontFix" vulnerabilities in Facebook Connect. Every website with "Connect Facebook account and log in with it" is vulnerable to account hijacking. Every website relying on signed request (for example official JS SDK) is vulnerable to account takeover, as soon as an attacker finds a 302 redirect to other domain. CSRF on facebook.com login to hijack your identity. It's a higher-level Most-Common-OAuth-Vulnerability. Submit() /script ' /iframe. This fo...

5

Egor Homakov: How I hacked Github again.

http://homakov.blogspot.com/2014/02/how-i-hacked-github-again.html

Subscribe to our new blog! Friday, February 7, 2014. How I hacked Github again. This is a story about 5 Low-Severity bugs I pulled together to create a simple but high severity exploit, giving me access to private repositories on Github. These vulnerabilities were reported privately and fixed in a timely fashion. Here is the "timeline" of my emails. A few days ago Github launched a Bounty program. Which was a good motivator for me to play with Github OAuth. The first thing I noticed was: Without the first bug...


TOTAL PAGES IN THIS WEBSITE

19

LINKS TO THIS WEBSITE

jgsf1987.com jgsf1987.com

jgsf1987: Why It's Important To Listen To President Obama On The Recent Deal With Iran

http://www.jgsf1987.com/2015/07/why-its-important-to-listen-to.html

I say what I think. Sunday, July 19, 2015. Why It's Important To Listen To President Obama On The Recent Deal With Iran. Take this opportunity to listen to Barack Obama. Together with the Prime Minister of Israel. I mentioned this on my YouTube. If you can't call, email them.

ar.zu.my ar.zu.my

How To Work Faster With Chrome Developer Console - arzumy md

http://ar.zu.my/how-to-work-faster-with-chrome-developer-console

Short notes on small discoveries. How To Work Faster With Chrome Developer Console. Web developers spend a considerable amount of time working in the browser console. You could be working mostly in Firefox Firebug or the Chrome Developer Console. It's good to learn a trick or two to speed up development. I learned this from Egor Homakov. We were smoking shisha when he decided to pull out his machine and get some work done. And while he was at it, he showed us a few tricks. The first one was: click on a node and type.

jeffbrowell.com jeffbrowell.com

Links | Jeff Browell

http://www.jeffbrowell.com/node/4

A little selection of sites I pull RSS feeds from: Sathish Arthar's Linux Digest. Church of the Brethren. Drupal is a content management system used by over 30% of the Government sites. It's easy to install, upgrade and configure. Drupal has become my favorite content management system because of the community behind it and the extensibility of it. Is probably the most versatile traffic capture tool.

davidsopaslabs.blogspot.com davidsopaslabs.blogspot.com

David Sopas - hacking web apps: 3 Open Redirect on Google - UNFIXED

http://davidsopaslabs.blogspot.com/2013/11/3-open-redirect-on-google-unfixed.html

David Sopas - hacking web apps. Thursday, November 21, 2013. 3 Open Redirect on Google - UNFIXED. In the last couple of weeks I discovered three Open Redirect security issues on Google. For those who don't know what an Open Redirect vulnerability is, OWASP has a section about it (https://www.owasp.org/index.php/Open_redirect). Open Redirects are very attractive for spammers. Why? https://helpouts.google.com/opener?url=http://labs.davidsopas.com. https://helpouts.google.com/opener? var c = window, Aopen...

github.com github.com

GitHub - thoughtbot/paperclip: Easy file attachment management for ActiveRecord

https://github.com/thoughtbot/paperclip/tree/master

Easy file attachment management for ActiveRecord. Aug 22, 2015. Correct S3 specs to use the correct keys in the s3 credentials hash * S3 tests work with a region that requires s3 domain url [fixes #1985]. Aug 19, 2016. Test against Rails 5 final. Jul 1, 2016. Make fingerprint digest configurable. Aug 24, 2016. Convert all of the tests from test/unit to RSpec. Mar 11, 2014. Aug 24, 2016. Add Code Climate Config.

hueniverse.com hueniverse.com

OAuth 2.0 and the Road to Hell | hueniverse

https://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell

The OAuth 1.0 Guide. OAuth 2.0 and the Road to Hell. Update: three years later I wrote something new… introducing Oz. They say the road to hell is paved with good intentions. Well, that's OAuth 2.0. Last month I reached the painful conclusion that I can no longer be associated with the OAuth 2.0 standard. I resigned my role as lead author and editor, withdrew my name from the specification. When compared with OAuth 1.0. To be clear, OAuth 2.0 at the hand of a developer with deep understanding of web ...

yvoschaap.com yvoschaap.com

Facebook values the privacy of its billion users at $4,500 - Yvo Schaap

http://www.yvoschaap.com/weblog/facebook_values_the_privacy_of_its_billion_users_at_4500

Facebook values the privacy of its billion users at $4,500. Back in 2009 I found. And a finder's bounty as reward. An idea initially developed in the software industry, due to a growing black market of parties buying exploits to set up botnets and whatnot, detailed in this interesting The Economist article. Such a program in 2011. This year, Facebook already lists 65 people. Actually, 66 people reported a vulnerability in 2013. There is no maximum reward. Browser limitations). For me a clear sign to kee...

davidsopaslabs.blogspot.com davidsopaslabs.blogspot.com

David Sopas - hacking web apps: April 2014

http://davidsopaslabs.blogspot.com/2014_04_01_archive.html

David Sopas - hacking web apps. Tuesday, April 22, 2014. PhpList CSRF on subscription page. For those who don't know phpList, it is open source software for managing mailing lists. It is designed for the dissemination of information, such as newsletters, news and advertising, to a list of subscribers. It is written in PHP and uses a MySQL database to store the information. The software is distributed free under the GPL license. (from Wikipedia). I discovered a CSRF. So I recommend the download as soon as possible.

spryt.ru spryt.ru

Anime for those who haven't (yet) watched anime | Spryt

http://spryt.ru/anime

Anime for those who haven't (yet) watched anime. May 9, 2015. This isn't art, it's a screenshot from the feature film Garden of Words. Ookami Kodomo no Ame to Yuki. Wolf Children Ame and Yuki. A senseless and merciless, madly high-octane movie, a riot of colour and action. All seven Fast & Furious films and Star Wars in one movie) No meaning whatsoever, only drive that builds as the story goes on, a soundtrack that makes you want to tear the radiator off the wall and throw it out the window, insane design of everything (from hairstyles and cars to weapons and characters), and how man...


TOTAL LINKS TO THIS WEBSITE

93

OTHER SITES

homakoll.com homakoll.com

Professional materials for laying floor coverings, homakoll.

Official distributor of Homa Chemical Engineering. Professional materials for laying floor coverings, homakoll. Homa Chemical Engineering company. Adhesives for furniture and woodworking. A large number of different adhesive materials for repair and construction work. This section of the catalogue presents products that are suitable for small do-it-yourself home repairs. To the materials page. The HOMA Group is a modern chem...

homakov.blogspot.com homakov.blogspot.com

Egor Homakov

Subscribe to our new blog! Saturday, February 21, 2015. This blog is closed, new posts will be published at http://sakurity.com/blog. Thanks for being with me here for so many years :). Wednesday, January 7, 2015. Bitstamp problem and warm wallets. We are publishing an exciting report on Peatio Exchanger soon and I've got quite a few thoughts on how to make exchangers' architecture and wallets more secure. Then I see this. Five Million. Dollars. In a hot wallet. Another thing warm wallet should do is ba...