Profile_bird

Hey there! RSnake is using Twitter.

Twitter is a free service that lets you keep in touch with people through the exchange of quick, frequent answers to one simple question: What's happening? Join today to start receiving RSnake's tweets.

Already using Twitter
from your phone? Click here.

RSnake

  1. Mmm... Thanksgiving π! about 19 hours ago from web
  2. A watched MD5 hash never cracks. 1:40 PM Nov 25th from TweetDeck
  3. Don't click that bikini http://ha.ckers.org/blog/20... 2:44 PM Nov 23rd from web
  4. Best typo domain ever com.com up for grabs: http://ha.ckers.org/blog/20... 8:46 AM Nov 20th from web
  5. Add spamming and scraping to the list of problems DNS Rebinding enables: http://bit.ly/1JCJ6D/ 8:21 AM Nov 18th from web
  6. @randomdross DNS Rebinding just keeps getting worse, doesn't it: http://bit.ly/4cxuKQ/ 2:08 PM Nov 17th from web
  7. I covered quite a bit of DNS rebinding in the book. Same mitigatigations, different problems: http://bit.ly/3hxTJN 1:52 PM Nov 16th from TweetDeck
  8. @randomdross @mckt_ DNS Rebinding Session Fixation http://bit.ly/3hxTJN More to come. 1:49 PM Nov 16th from web
  9. RT @fraudloss: Randolf-Brooks Credit Union now supports depositing checks via iPhone pics of checks. 10:21 AM Nov 16th from TweetDeck
  10. @t3rmin4t0r RT @sambowne: My Defcon Talk with @rsnake is up in video http://tr.im/EYLV -- SlowLoris and SSLStrip demos 8:45 PM Nov 14th from TweetDeck
  11. @djtechnocrat right which you need to use some social engineering to exploit. XSS or redirects sent in email, etc. 2:37 PM Nov 14th from TweetDeck in reply to djtechnocrat
  12. @djtechnocrat You'd have to ask the OWASP leadership, I guess. Good question. 2:34 PM Nov 14th from TweetDeck in reply to djtechnocrat
  13. @djtechnocrat PCI is about protecting card data. Client side risks count. I do worry about removing info disclosure though, you're right. 2:28 PM Nov 14th from TweetDeck in reply to djtechnocrat
  14. @djtechnocrat Definitely. 2:15 PM Nov 14th from TweetDeck in reply to djtechnocrat
  15. @marcinw post on ha.ckers.org. Twitter is too small to have a meaningful conv. It is based on fact. No FUD, just some TBDs. 2:15 PM Nov 14th from TweetDeck in reply to marcinw
  16. @t3rmin4t0r yessir, that was my DefCon speech with Sam Bowne. My part was on Slowloris and the Iranian rebels. 1:53 PM Nov 14th from TweetDeck in reply to t3rmin4t0r
  17. @djtechnocrat Yes, that was the first part of the convo. Damned 140 chars! 1:51 PM Nov 14th from TweetDeck in reply to djtechnocrat
  18. @marcinw Their bank and their QSA. That's how PCI works and does hold water assuming they still respect OWASP top 10. 1:16 PM Nov 14th from TweetDeck in reply to marcinw
  19. @tomaszmiklas yeah, well I thought it was only 2 rebinding ideas but I came up w/ a 3rd. I'll write some posts soon. 7:43 PM Nov 13th from TweetDeck in reply to tomaszmiklas
  20. @marcinw Dunno how their payment stuff works at all. You may be right but it's ultimately up to Google's bank and their QSA. 2:47 PM Nov 13th from TweetDeck in reply to marcinw