Tweets
-
W00t W00t, Facebook Security Brochure, With @NealPoole @isciurus pic.twitter.com/DEdjlFreRr
Retweeted by Neal Poole
-
Ladies & Gentlemen California’s very own NEAL POOLE is finisher #60 (time to write some checks!) in Ruby.
Retweeted by Neal Poole
-
Meet the BugCrowd! Bug Hunter Profile of Neal Poole @NealPoole http://blog.bugcrowd.com/meet-the-bugcrowd-bughunter-profile-of-neal-poole-nealpoole/ … via @bugcrowd
Retweeted by Neal Poole
-
Why can't everyone just respect RFC2142 http://www.ietf.org/rfc/rfc2142.txt ? security@<domain> 12 Emails, 8 Delivery Status Notification (Failure)
Retweeted by Neal Poole
-
I reported https://www.google.com/search?q=site%3Alinode.com+inurl%3Aopengear … (and similar URLs) to Linode. Hosts not publicly accessible anymore. Anyone know what the risk was?
-
Logic for Hackers: new course this spring at Brown. http://cs.brown.edu/courses/csci1950-y.html …
Retweeted by Neal Poole
-
@superevr @kkotowicz @testalways @bugcrowd @securityshell I'm sad I'm not in Vegas this year! I'll be moving to SF that day.
-
@adam_baldwin @randomdross Plus http://blog.kotowicz.net/2012/07/codeigniter-210-xssclean-cross-site.html … from @kkotowicz / https://nealpoole.com/blog/2013/07/xss-filter-bypass-in-validator-nodejs-module/ … (validator code is based on CodeIgniter)
-
Also stop using the xss_clean function. @kkotowicz and others have been finding bypasses for long enough. ;-)
-
If you're using the xss_clean function from CodeIgniter and haven't upgraded to 2.1.4, do it now! https://nealpoole.com/blog/2013/07/codeigniter-21-xss-clean-filter-bypass/ …
-
Hire my friend! Someone I rate is looking to change job #javascript #datavis #challenges http://www.hiremyfriend.io/profiles/6aead60234c7dd498efc844dd4d492e4?by=nealpoole … via @hiremyfriendhq
-
@bascule 4096 bit “XAES” and 2048 bit RSA. Seems legit.
Retweeted by Neal Poole
-
There are amazing people helping make the dream of the @nodesecurity project a reality! <3 bridging the security and dev communities!
Retweeted by Neal Poole
-
CVE-2013-1297 from Microsoft: apparently IE6-8 could access JSON cross-domain via vbscript | http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1297 …
-
@timdpeacock @zethraeus On a slightly related note, I'm a huge fan of https://github.com/mattdiamond/fuckitjs …
-
@timdpeacock @zethraeus Anything is possible with enough special characters!
-
Jealous of PRISM? Use "Amazon 1 Button" Chrome extension to sniff all HTTPS websites! http://blog.kotowicz.net/2013/07/jealous-of-prism-use-amazon-1-button.html …
Retweeted by Neal Poole
-
@timdpeacock Very interesting paper. As VRPs mature, I'm sure we'll see a lot of very interesting research on their impact.
-
2,5 years later *.google.com is now nearly XSS free. MTFB (mean time to find bug) > 3-4 weeks
Retweeted by Neal Poole