Official Blog of Trustwave's SpiderLabs - SpiderLabs is an elite team of ethical hackers, investigators and researchers at Trustwave advancing the security capabilities of leading businesses and organizations throughout the world.
Note that the vulnerability described here was fixed by Zemanta.
It all started innocently enough
I was here in the TypePad editor working on a new web honeypot blog post about some XSS attacks we were seeing when, BOOM, my browser was suddenly redirected to the hxxp://www.txt2pic.com website. What the heck just happened?!? I clicked back in my browser to take me back to the TypePad editor session. Then, a few moments later... I was redirected yet again. Something was seriously wrong here. I sat there for a moment with a blank stare on my face as my mind quickly ran through different scenarios of what could be happening when it suddenly hit me. Wait a minute, that URL (hxxp://www.txt2pic.com) was familiar.
So, you just bought that fancy new box with the blinky lights that’s supposed to somehow keep you safe from the bad guys. While it is true that some of these machines run on unicorn blood and fairy dust, they still don’t keep you safe from stupidity, or even worse – laziness.
If you currently do a search online for a female’s perspective about DEF CON, everything is coming up sexual harassment. I’ve been asked a dozen times about my experiences in the past week alone and I can’t say anything overly negative about it. But that’s my experience. Mine. A small percentage might be because I’m not about to take anyone’s guff, part of it has to do with the people I surround myself with, but mostly using common sense saves me every time. Common sense is a wonderful thing and if you use it, you can still have a good time. The biggest problem is that there are going to be jerks, aka rotten apples, both male and female, at any venue you attend, be it a hacker conference, the neighborhood bar, a friend’s 4th of July party, or on a date, ad nauseam. And it’s making me angry that complaining is winning out over problem solving.