Simon Willison's Weblog: michal-zalewskihttp://simonwillison.net/2008-07-03T14:35:25+00:00Simon Willisonratproxy2008-07-03T14:35:25+00:002008-07-03T14:35:25+00:00https://simonwillison.net/2008/Jul/3/ratproxy/#atom-tag
<p><strong><a href="http://code.google.com/p/ratproxy/">ratproxy</a></strong></p>
“A semi-automated, largely passive web application security audit tool”—watches you browse and highlights potential XSS, CSRF and other vulnerabilities in your application. Created by Michal Zalewski at Google.
<p>Tags: <a href="https://simonwillison.net/tags/csrf">csrf</a>, <a href="https://simonwillison.net/tags/google">google</a>, <a href="https://simonwillison.net/tags/michal-zalewski">michal-zalewski</a>, <a href="https://simonwillison.net/tags/proxies">proxies</a>, <a href="https://simonwillison.net/tags/ratproxy">ratproxy</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/testing">testing</a>, <a href="https://simonwillison.net/tags/xss">xss</a></p>
Firefox promiscuous IFRAME access bug2007-06-06T10:00:21+00:002007-06-06T10:00:21+00:00https://simonwillison.net/2007/Jun/6/firefox/#atom-tag
<p><strong><a href="http://lcamtuf.coredump.cx/ifsnatch/">Firefox promiscuous IFRAME access bug</a></strong></p>
Lets malicious sites “display disruptive or misleading contents in the context of an attacked site” and intercept keystrokes! The demo worked in Camino 1.5 as well. Avoid using Gecko-based browsers until this is patched?
<p>Tags: <a href="https://simonwillison.net/tags/camino">camino</a>, <a href="https://simonwillison.net/tags/firefox">firefox</a>, <a href="https://simonwillison.net/tags/iframes">iframes</a>, <a href="https://simonwillison.net/tags/michal-zalewski">michal-zalewski</a>, <a href="https://simonwillison.net/tags/security">security</a></p>
Gaping holes exposed in fully-patched IE 7, Firefox2007-06-06T09:57:55+00:002007-06-06T09:57:55+00:00https://simonwillison.net/2007/Jun/6/gaping/#atom-tag
<p><strong><a href="http://blogs.zdnet.com/security/?p=254">Gaping holes exposed in fully-patched IE 7, Firefox</a></strong></p>
Michal Zalewski released a new Firefox 2.0 vulnerability in addition to the IE cookie stealing one.
<p><small></small>Via <a href="http://blog.outer-court.com/archive/2007-06-06-n84.html">blog.outer-court.com</a></small></p>
<p>Tags: <a href="https://simonwillison.net/tags/firefox">firefox</a>, <a href="https://simonwillison.net/tags/internet-explorer">internet-explorer</a>, <a href="https://simonwillison.net/tags/michal-zalewski">michal-zalewski</a>, <a href="https://simonwillison.net/tags/security">security</a></p>