Profile_bird

Hey there! RSnake is using Twitter.

Twitter is a free service that lets you keep in touch with people through the exchange of quick, frequent answers to one simple question: What's happening? Join today to start receiving RSnake's tweets.

Already using Twitter
from your phone? Click here.

RSnake

  1. Best typo domain ever com.com up for grabs: http://ha.ckers.org/blog/20... 8:46 AM Nov 20th from web
  2. Add spamming and scraping to the list of problems DNS Rebinding enables: http://bit.ly/1JCJ6D/ 8:21 AM Nov 18th from web
  3. @randomdross DNS Rebinding just keeps getting worse, doesn't it: http://bit.ly/4cxuKQ/ 2:08 PM Nov 17th from web
  4. I covered quite a bit of DNS rebinding in the book. Same mitigatigations, different problems: http://bit.ly/3hxTJN 1:52 PM Nov 16th from TweetDeck
  5. @randomdross @mckt_ DNS Rebinding Session Fixation http://bit.ly/3hxTJN More to come. 1:49 PM Nov 16th from web
  6. RT @fraudloss: Randolf-Brooks Credit Union now supports depositing checks via iPhone pics of checks. 10:21 AM Nov 16th from TweetDeck
  7. @t3rmin4t0r RT @sambowne: My Defcon Talk with @rsnake is up in video http://tr.im/EYLV -- SlowLoris and SSLStrip demos 8:45 PM Nov 14th from TweetDeck
  8. @djtechnocrat right which you need to use some social engineering to exploit. XSS or redirects sent in email, etc. 2:37 PM Nov 14th from TweetDeck in reply to djtechnocrat
  9. @djtechnocrat You'd have to ask the OWASP leadership, I guess. Good question. 2:34 PM Nov 14th from TweetDeck in reply to djtechnocrat
  10. @djtechnocrat PCI is about protecting card data. Client side risks count. I do worry about removing info disclosure though, you're right. 2:28 PM Nov 14th from TweetDeck in reply to djtechnocrat
  11. @djtechnocrat Definitely. 2:15 PM Nov 14th from TweetDeck in reply to djtechnocrat
  12. @marcinw post on ha.ckers.org. Twitter is too small to have a meaningful conv. It is based on fact. No FUD, just some TBDs. 2:15 PM Nov 14th from TweetDeck in reply to marcinw
  13. @t3rmin4t0r yessir, that was my DefCon speech with Sam Bowne. My part was on Slowloris and the Iranian rebels. 1:53 PM Nov 14th from TweetDeck in reply to t3rmin4t0r
  14. @djtechnocrat Yes, that was the first part of the convo. Damned 140 chars! 1:51 PM Nov 14th from TweetDeck in reply to djtechnocrat
  15. @marcinw Their bank and their QSA. That's how PCI works and does hold water assuming they still respect OWASP top 10. 1:16 PM Nov 14th from TweetDeck in reply to marcinw
  16. @tomaszmiklas yeah, well I thought it was only 2 rebinding ideas but I came up w/ a 3rd. I'll write some posts soon. 7:43 PM Nov 13th from TweetDeck in reply to tomaszmiklas
  17. @marcinw Dunno how their payment stuff works at all. You may be right but it's ultimately up to Google's bank and their QSA. 2:47 PM Nov 13th from TweetDeck in reply to marcinw
  18. @mayscript Oh, whoops, misread. got it. Well it wasn't me who built the list. Talk to the #OWASP guys. 12:00 PM Nov 13th from TweetDeck in reply to mayscript
  19. @mayscript SQLi is a joke? That's a new one. Do you really believe that? 11:58 AM Nov 13th from TweetDeck in reply to mayscript
  20. @securityninja I have no idea what you're talking about. Google is a super neato advertizing empire. 8:27 AM Nov 13th from TweetDeck in reply to securityninja