tl;dr; I found a bug in Google Chrome that allows an attacker to listen on the user speech without any consent from the user and without any indication. Even blocking any access to the microphone under chrome://settings/content will not remedy this flaw. Try the live demo… (Designed »
tl;dr I stumbled upon some CSRF flaws in a very popular e-commerce website. CSRF flaws are generally overlooked and the only way for you as the user to minimize the risk is to logout from a website after you finished using it. This will limit the window of being »
[Update: Some of these examples were mitigated in Chrome 38 and 39] After seeing in the previous post how Data-URIs can be used as a mechanism to easily carry malicious code, I’ll elaborate more about the issues it presents. Some of it merely exists from the way Data-URIs are »
What an awesome format is SVG, so powerful and so well supported by browsers. And yet it is barely being used, it’s not getting the love it deserves. Well, browsers love SVG, perhaps too much… SVG files are like little bundles of joy. Encapsulating graphics, animations and logic. One »
iPhone Don’t jailbreak, a not jailbroken iPhone is a pretty secure device. Use PIN code Settings -> General -> Passcode* *(and not something like 1234) Make sure data is really encrypted – default since iPhone 4 (which have hardware encryption). If you have an older version go to Settings -> »