serhii.net LINKS BLOG!

categories: Infosec/Web security

• Stealth Post Exploitation Framework: PhpSploit
• Troy Hunt: Your login form posts to HTTPS, but you blew it when you loaded it over HTTP
• Zombiehelp54: SQL injection in an UPDATE query - a bug bounty story!
• Browser Autofill Phishing
• The Line of Death (Security UI) – text/plain
• Stealing passwords from McDonald's users - Tijme Gommers
• 5
• Cult Of Russian Underground - Private Russian Project
• Persistent XSS In Verizon
• "SO I LOST MY NAS PASSWORD" password recovery
• A Lesson In Timing Attacks (or, Don’t use MessageDigest.isEquals) @ codahale.com
• How To Safely Store A Password @ codahale.com