AndrewNohawk

Month: March 2010

Coding, Security

Persistent XSS: more than a popup :)

So a while ago I asked if I was allowed to play with http://www.bravadogaming.com/ and I got a positive response. I kinda looked around at their custom CMS, didn't see anything immediately available, playing with cookies, changing values here and there, got some SQL errors on http://www.bravadogaming.com/articles/%27%20OR%201=1%20#/ but nothing really spectacular: I looked around some…

Coding

NLP/NER: First views

So recently we have really been struggling at work with NLP/tags/phrases relating to a specific person/phrase. For example, you put down something like “Maltego” and you would like it to return things like the company (Paterva), Information mining, Open source forensics, etc. So I started looking around for NER/NLP APIs online and I found…

Security

ZaCon ’09

So we had a little security con here in .za (South Africa), www.zacon.org.za – basically an uncon styled conference: An unconference is a facilitated, participant-driven conference centered around a theme or purpose. The term “unconference” has been applied, or self-applied, to a wide range of gatherings that try to avoid one or more aspects of…