Shawn Lauriat's Profile

About Me:

Last 10 Comments

1

Thank you for this. I had commented as such on Bruce Schneier's blog link to which Brian Chess had replied somewhat to the effect that I had misunderstood how the attack worked, but it really does just seem to me that they found a quick and easy way of parsing the result of an already successful CSRF attack.
Posted in /blog/2007/apr/javascript-hijacking.

Fri, 06 Apr 2007 at 12:15:43: Link

Stats

Member Since: 06 Apr 2007
Comments: 1

Web Site

Blog Posts

Top 5 Blog Posts

Save the Internet with rev="canonical"

10 Apr 2009
62 Comments

My Amazon Anniversary

15 Mar 2007
41 Comments

Allowing HTML and Preventing XSS

14 Mar 2007
66 Comments

addslashes() Versus mysql_real_escape_string()

22 Jan 2006
69 Comments

Google XSS Example

21 Dec 2005
36 Comments

Top 5 Articles

Security Corner: Cross-Site Request Forgeries

13 Dec 2004
75 Comments

The Truth about Sessions

15 Dec 2003
77 Comments

Foiling Cross-Site Attacks

14 Oct 2003
68 Comments

Guru Speak: Storing Sessions in a Database

14 Dec 2004
60 Comments

Guru Speak: How to Avoid "Page Has Expired" Warnings

21 Oct 2004
48 Comments

Work and Books

Analog A web design and development co-operative
Essential PHP Security O'Reilly, 2005
HTTP Developer's Handbook Sams, 2003

Footer