Comments for SamuraiNet Blog

Comment on Google’s ‘Chrome’ released… by Daniel

Daniel — Wed, 03 Sep 2008 19:17:20 +0000

I can’t remember where the article was (try Ars Technica?) but the exploit is because Google used an older version of WebKit that did not have the fix for this vulnerability.

The article went on to mention the history of the exploit and how Apple downplayed the seriousness of the issue and took close to 3 months to patch it.

Comment on Using RefControl by Uber0n

Uber0n — Wed, 27 Aug 2008 20:24:31 +0000

Sometimes sites store unfiltered referrers in .htm (or similiar) log files, which can be used to run XSS against the admins who check the logs

Comment on Ion3 Window Manager by Darth Platypus

Darth Platypus — Tue, 26 Aug 2008 12:23:11 +0000

The whole mouse thing is a fad… when will people realize that the *true* path to righteousness lies not through the point-and-grunt neanderthalic methods they’ve grown accustomed to, but rather through the elegant and expressive method that’s been all-but-abandoned in this day and age in favor of odious touchscreens and big-ass tables!

Comment on The return of the Tv-Links by tv links

tv links — Sun, 27 Jul 2008 13:51:55 +0000

tv links cc is just a clone of the original one, it isnt actually the REAL one

Comment on Using RefControl by admin

admin — Fri, 18 Jul 2008 02:35:20 +0000

Yes. It was listed in the first post of this section.

Comment on Using RefControl by Daniel Cousineau

Daniel Cousineau — Fri, 18 Jul 2008 01:41:25 +0000

So are you going to link to the refcontrol site or do I have to google it?

I’m assuming http://www.stardrifter.org/refcontrol/ is correct?

Comment on Web Application Penetration Testing… my tools of the trade by SuperCherry

SuperCherry — Fri, 11 Jul 2008 13:10:10 +0000

Nice collection but, if someone is doing web app testing wont use map (not that it wont give interesting information) because are running tests on the 7th
layer. To do proper Web server banner scanning you can use httpPrint, or Wikto (Wikto is using HttpPrint and HttpTrack to identify and clone the site for further analysis).

Something similar to nmap is hmap (not the best tool, but it is open source and someone can learn from it). Guy have a look at http://blog.kassaras.com.

PS: Nice post…

Comment on Cookies, Cookies, and Cookies by Nick

Nick — Wed, 25 Jun 2008 07:40:51 +0000

According to MozillaLine ( http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries ), “P3P functionality is not present in Firefox and will probably be removed from Mozilla Suite”. Am I missing something? Are you using an extension to enforce P3P?

Could you not achieve your custom policy more simply by setting network. cookie. lifetimePolicy to 2 (accept for session only) and network. cookie. cookieBehavior to 1 (allow cookies from originating server only)?

Comment on BackTrack2 Wireless by Jon Butler

Jon Butler — Mon, 23 Jun 2008 13:37:36 +0000

Nice post samurai!

@Stuart Jones - I assume you checked out the new b43 drivers? They even support injection! What a jump! From no support to packet injection, it supports quite a few of the broadcom chipsets. You can find yours with:

lspci -nn | grep Broadcom

Should be the last 4 digits in the square brackets.

Comment on Cookies, Cookies, and Cookies by Kelly (Raven) Grzech

Kelly (Raven) Grzech — Sun, 08 Jun 2008 23:13:52 +0000

You ought to try the WP-Footnotes (http://www.elvery.net/drzax/more-things/wordpress-footnotes-plugin/) Wordpress plugin for your references. ‘Tis very useful.