Michal Zalewski, Googler:

This document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities.

Although all browsers implement roughly the same set of baseline features, there is relatively little standardization - or conformance to standards - when it comes to many of the less apparent implementation details. Furthermore, vendors routinely introduce proprietary tweaks or improvements that may interfere with existing features in non-obvious ways, and seldom provide a detailed discussion of potential problems.

From the archive:

“attacker can perform the aforementioned attack by deploying an uncooled microbolometer thermal imaging (far infrared) camera within up to approximately five to ten minutes after valid keycode entry”

A must read for anyone that works with websites.

Browser Security Handbook

“Browser Rider” is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.

Browser Rider is not a new concept. Similar tools such as BeEF or Backframe exploited the same concept. However most of the other existing tools out there are unmainted, not updated and not documented. Browser Rider wants to fill those gaps by providing a better alternative.

This is neat. Check out the video and the online demo. Also the source is available.

Browser Rider - A hacking framework for browser exploitation

In short

Stored (persistent) XSS: Filtered
Reflected (non-persistent) XSS
DOM-Based: Partial
In tag: No
In Javascript: No
In [tag] parameter: Filtered
In HTML: Filtered
HTTP Response Splitting: No*

* HTTP Response Splitting can used to switch XSS filter of via X-XSS-Protection header.

Breaking the IE8 XSS Filter

In what could be the most awesome technological doohickey to come out of this election cycle, CNN is having its correspondents show up in the CNN Election Center AS HOLOGRAMS!

"CNN will have 44 cameras and 20 computers in each remote location to capture 360-degree imaging data of the person being interviewed. Images are processed and projected by computers and cameras in New York. There'll also be plasma TVs in Chicago and Phoenix that will let the people being interviewed see Blitzer and other CNN correspondents. [CNN Senior Vice President David] Bohrman says the network can project two different views from each city so Blitzer can appear to be in the studio with two holograms."

No more via satellite? Now via hologram.

You're my only hope CNN

National Cyber Forensics Training Alliance

The FBI on Friday boasted that its two-year long undercover operation against users of the crime forum DarkMarket netted 56 arrests worldwide and prevented $70 million in economic losses, publicly acknowledging the sting for the first time.

...

DarkMarket members believed the site was operated from Eastern Europe, despite a 2006 warning from uber-hacker Max Ray Butler, known then as Iceman and Aphex. Butler cracked the site's server and announced that he'd caught Master Splynter logging in from the NCFTA's office on the banks of the Monongahela River. Butler ran a site of his own, and the warning was generally dismissed as inter-forum rivalry. " even when Butler was arrested in San Francisco last year on credit card fraud charges, and shipped to Pittsburgh for prosecution.

I didn't know the FBI in Pittsburgh did this kind of work... I guess neither did those 56 cyber criminals.

Previous story predicting the sting operation.

56 Arrested in DarkMarket Sting, Says FBI

The USB stick CO is a mobile data storage device in a solid, brushed aluminium housing. It is special because it incorporates an extra bottle opener function combining practical data storage with a thirst-quenching aid that is always to hand. The USB stick CO has a Hi-Speed USB 2.0 connection for extra-fast data transfer (read rate: 25 MB/s, write rate 12 MB/s).

This would half the number of things deemed necessary on my key ring.

P.S. I used my Memestreams bottle opener too much and the aluminum chipped away to the point where it became unusable.

USB stick with bottle opener

I'm sure the higher-end treadmill models have better interfaces, but this one in particular uses a standard audio jack which uses encoded sounds to control the various speed and incline settings found on the treadmill. For example, playing the sound encoded for speed-3, incline-7 will set the treadmill accordingly. As you can imagine there are quite a few of these sounds. I was able to acquire these sounds after a little prying into the JavaScript for the treadmill application provided by the vendor.

Sound controlled interface?! Don't they realize that is how the Decepticons stole all our government secrets?

Controlling your Treadmill from Silverlight

Billy strikes again:

In response to all the Mass SQL Injection attacks this year, Microsoft approached HP and the Web Security Research Group (formerly SPI Labs) for assistance. While there was nothing they could patch, Microsoft wanted to provide tools to help developers find and fix these issues. After a month of development HP created Scrawlr.

Scrawlr (short for SQL Injector and Crawler) is a free tool that will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr was designed specifically to help protect against these mass injection attack which are using Google queries to find older web applications and automatically injection them. As such, Scrawlr crawls a websites using the same techniques as a search engine: it doesn’t keep state, or submit forms, or execute JavaScript or Flash. This Scrawl is finding and auditing the pages that would have been indexed by the search engines.

To reduce false positives Scrawlr provides proof of the vulnerability results by displaying the type of backend database in use and a list of available table names. There is no denying you have SQL Injection when I can show you table names!

Microsoft Advisory
HP Web Security Research Group Blog
Scrawlr Download
Scrawlr FAQ

Introduction Scrawlr: a free Crawler + SQL Injector tool

Firefox is coming to mobile. The innovation, usability, and extensibility that has propelled Firefox to 200 million users is set to do the same for Firefox in a mobile setting.

User experience is the most important aspect of having a compelling mobile product. Every bit of interaction and pixel of presentation counts when typing is laborious and screen sizes are minuscule. Many of the standard interaction models, like menus, always-present chrome, and having a cursor, don’t necessarily make sense on mobile. It’s a wickedly exciting opportunity but there are myriad challenges to getting it right.

One avenue for exploring this opportunity is through Mozilla Labs, which is about pushing the envelope towards better and brighter interaction horizons, as well as incorporating a winder community into the innovation process. This concept video explains one direction we are thinking in, and we’d love to inspire participation in thinking about other directions.

Firefox Mobile Concept Video

Today in Berlin HP announced the Voodoo Envy 133 notebook that was hinted at last week in the video teaser I posted. Voodoo is aiming to take on the MacBook Air and the Envy is ready for the bout. The Envy 133 has an LED backlit 13.3-inch screen, carbon fiber body (super lightweight), multi-touch trackpad (I just tried it out and it stinks. I’ll get a full demo later on, but there’s a short video after the jump. It pinches but doesn’t do the rotation.), built-in ethernet port into the power brick, removable battery, HDMI port, two USB ports, and an express card slot. The Envy’s starting price of $2,099 is less desirable, though. Another unique and cool feature for the Envy is Voodoo InstantOn, which allows the user to boot to a Linux screen with seconds of starting up while Vista boots in the background.

The Voodoo Envy 133 will be available for a starting price of $2,099.(1) Other key features include:
• Voodoo Aura PowerConnect – establishes a one-to-one wireless connection between the Envy 133 notebook and an Ethernet connector located on the power supply, allowing users to roam free from the wired connection.(3)
• Multiple gesture touchpad – more than a standard touchpad, the Envy 133 also provides capabilities such as a circular gesture called chiral scroll and pinch options.
• Durability – the carbon fibre casing and fused composite glass covering the display provide surprising strength and durability.
• External optical disk drive – an ID-coordinated external eSATA optical drive is included with every unit.
• Professional backlit keyboard – reminiscent of old-school tactile desktop keyboards with just enough “click” to get even the most die-hard tech enthusiast smiling.
• Ports – extensive usability via a variety of I/O ports, including headphone/microphone, HDMI, USB 2.0 (1x) and a shared e-SATA/USB (1x).

I've commented on Memestreams about the Macbook Air vs. the Lenovo X300 but now I've got to say I want a Voodoo Envy.

HP unveils Voodoo Envy 133 notebook