Saturday, November 10, 2007

last.fm CSRF hole

example using Chris Shiflett's CSRF redirector
http://shiflett.org/csrf.php?csrf=http://www.last.fm/shoutbox/&message=[message content]&restype=4&resid=[user id here]&lang=en
this forces the target to post on the shoutbox of the user with the specified user id.

I emailed Last.FM about this months ago and got no response.

cool, my anti-xss rules made it into the Firekeeper default ruleset

for those that don't know, Firekeeper is a (still beta) browser-based IDS/IPS for Firefox. My rules are over on the firekeeper site now, and they are included by default.

Wednesday, August 15, 2007

over-centralization is bad for security

http://pagead2.googlesyndication.com/pagead/show_ads.js
Nearly every site on the internet is running this javascript. This is bad. Very bad. If anyone wanted to XSS pretty much the entire internet, that's the file he'd have to replace. I really hope that nobody at Google has a change of morals. Not to mention google-analytics and doubleclick put even more situations like this out there. It'd be the biggest XSS in history, nearly every single Myspace and Youtube and pretty much every other user on the planet attacked. You could launch the world's biggest ddos using Javascript. I would hope that google never gets hacked. For now, I'm using noscript to block doubleclick and googlesyndication and google-analytics, and I'd recommend the same or similar to anyone else.

Sunday, August 12, 2007

why

click this link in firefox (don't middle click or "open in new tab" or "open in new window"). this is the stupidest "feature" ever. Has anyone ever used this for legitimate purposes??

if you're going to be a speaker at a conference, get your facts right.

especially about security.

oh hi, SECURITY FOR HUMAN BEINGS by Kees Cook (who works on security for Ubuntu at Canonical) at OSCON2007. He got most everything right, he seems like a smart guy, this Kees Cook fellow. Perhaps he could've held the microphone a bit closer, it was damned hard to hear him. But mostly, he was right. Except about one crucial detail. He started talking about CSRF. While he got most of the details right, he made the classic mistake of telling people that using POST instead of GET requests will solve your problem. Even the wikipedia article on CSRF explains this to be incorrect:
Contrary to popular belief, using POST instead of GET does not offer sufficient protection. JavaScript can be used to forge POST requests with ease.

I didn't say anything because I didn't want my eyes scooped out by the rabid Ubuntu fans' iPhones. I don't hold this against Mr. Cook, he's not a web application person, and therefore does not need to worry about CSRF and whatnot in his day-to-day activities, but I still think he should've done better research. This is bad: a room full of about 40-50 potential web application developers, very few of whom (by a show of hands) had even HEARD of CSRF a few moments before, were misinformed. I'm disturbed by this. Tools like Chris Shiflett's CSRF redirector are easily capable of translating GET into POST.

the guy that came after him in that same room, Chris Shiflett (who works at OmniTI and has published some books on the matter of web application security) did a much better job with his "Security 2.0" session. I enjoyed that. It wasn't earth-shatteringly groundbreaking or anything, but it was quite nice. He also, like Cook, talked about CSRF, and was quite clear in mentioning tokens based on session ids and whatnot and provided quite adequate advice against CSRF. Thanks, Mr. Shiflett. Hopefully the people that stayed in the room from Mr. Cook's session were properly corrected, but many people had moved on to see other talks.
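To make the point of the last.fm redirector link and the Cook/Shiflett exchange concrete, here is an added example (not code from the post, from last.fm or from either speaker) of a shoutbox handler that is protected the way Shiflett described: the state change requires a POST carrying a token bound to the session id, so a redirector-style GET and a JavaScript-forged cross-site POST are both refused even though the browser attaches the victim's cookie to them. The endpoint, SERVER_SECRET and the request shapes are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret for this example; a real app loads it from config.
SERVER_SECRET = b"example-server-secret"

def csrf_token(session_id: str) -> str:
    """Anti-CSRF token bound to the session id, as Shiflett's talk recommended."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def handle_shoutbox_request(method: str, cookies: dict, params: dict) -> tuple:
    """Hypothetical shoutbox endpoint: a state change needs POST *and* a valid token.

    The browser sends the session cookie with any cross-site request, so the cookie
    alone says nothing about where the request came from. The token does, because a
    third-party page has no way to read it out of the victim's session.
    """
    session_id = cookies.get("session")
    if session_id is None:
        return 401, "not logged in"
    if method != "POST":
        # GET stays side-effect free, so a redirector or <img> hit changes nothing.
        return 405, "use POST"
    submitted = params.get("csrf_token", "")
    if not hmac.compare_digest(submitted, csrf_token(session_id)):
        return 403, "bad or missing CSRF token"
    return 200, "posted to shoutbox %s: %s" % (params.get("resid"), params.get("message"))

def demo() -> dict:
    """Run the four request shapes discussed above and collect the status codes."""
    victim = {"session": "sess-" + secrets.token_hex(8)}
    form = {"message": "hi", "resid": "12345", "restype": "4"}
    results = {}
    # redirector-style GET: cookie present, but GET never changes state here
    results["forged_get"] = handle_shoutbox_request("GET", victim, form)[0]
    # cross-site POST forged with JavaScript: cookie present, token unknown
    results["forged_post"] = handle_shoutbox_request("POST", victim, form)[0]
    # a token computed for some other session does not validate against the victim's
    other = dict(form, csrf_token=csrf_token("sess-other"))
    results["other_session_token"] = handle_shoutbox_request("POST", victim, other)[0]
    # the site's own form embedded the victim's token: accepted
    legit = dict(form, csrf_token=csrf_token(victim["session"]))
    results["legit_post"] = handle_shoutbox_request("POST", victim, legit)[0]
    return results
```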

my current personal firekeeper ruleset

# firekeeper xss alerter.

# javascript: uri schemes in GET requests
alert(url_content:"javascript:"; url_content:"http"; nocase; msg:"javascript: GET request cross site scripting attempt"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"mocha:"; url_content:"http"; nocase; msg:"mocha: GET request cross site scripting attempt"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"livescript:"; url_content:"http"; nocase; msg:"livescript: GET request cross site scripting attempt"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)

# normalish html tags using %3C and %3E in GET requests
alert(url_content:"%3CSCRIPT"; nocase; msg:"<script> tags GET request cross site scripting attempt"; url_re:"/%3Cscript.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3CIMG"; nocase; msg:"<img> tags GET request cross site scripting attempt"; url_re:"/%3Cimg.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Ciframe"; nocase; msg:"<iframe> tags GET request cross site scripting attempt"; url_re:"/%3Ciframe.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Ciframe"; nocase; msg:"malformed <iframe< tags GET request cross site scripting attempt"; url_re:"/%3Ciframe.*%3C/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Cbody"; nocase; msg:"<body> tags GET request cross site scripting attempt"; url_re:"/%3Cbody.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3CINPUT"; nocase; msg:"<input> tags GET request cross site scripting attempt"; url_re:"/%3CINPUT.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3CBGSOUND"; nocase; msg:"<bgsound> tags GET request cross site scripting attempt"; url_re:"/%3CBGSOUND.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3CBR"; nocase; msg:"<br> tags GET request cross site scripting attempt"; url_re:"/%3Cbr.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Clayer"; nocase; msg:"<layer> tags GET request cross site scripting attempt"; url_re:"/%3Clayer.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Clink"; nocase; msg:"<link> tags GET request cross site scripting attempt"; url_re:"/%3Clink.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Cstyle"; nocase; msg:"<style> tags GET request cross site scripting attempt"; url_re:"/%3Cstyle.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Cmeta"; nocase; msg:"<meta> tags GET request cross site scripting attempt"; url_re:"/%3Cmeta.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Cframe"; nocase; msg:"<frame> tags GET request cross site scripting attempt"; url_re:"/%3Cframe.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Ctable"; nocase; msg:"<table> tags GET request cross site scripting attempt"; url_re:"/%3Ctable.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Cdiv"; nocase; msg:"<div> tags GET request cross site scripting attempt"; url_re:"/%3Cdiv.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Ctd"; nocase; msg:"<td> tags GET request cross site scripting attempt"; url_re:"/%3Ctd.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Ca"; nocase; msg:"<a> tags GET request cross site scripting attempt"; url_re:"/%3Ca.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Cbase"; nocase; msg:"<base> tags GET request cross site scripting attempt"; url_re:"/%3Cbase.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Cobject"; nocase; msg:"<object> tags GET request cross site scripting attempt"; url_re:"/%3Cobject.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Capplet"; nocase; msg:"<applet> tags GET request cross site scripting attempt"; url_re:"/%3Capplet.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Cembed"; nocase; msg:"<embed> tags GET request cross site scripting attempt"; url_re:"/%3Cembed.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Cxml"; nocase; msg:"<xml> tags GET request cross site scripting attempt"; url_re:"/%3Cxml.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Cspan"; nocase; msg:"<span> tags GET request cross site scripting attempt"; url_re:"/%3Cspan.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Chtml"; nocase; msg:"<html> tags GET request cross site scripting attempt"; url_re:"/%3Chtml.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3Ct:set"; nocase; msg:"<t:set> tags GET request cross site scripting attempt"; url_re:"/%3Ct:set.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)

# suspicious HTML-looking input.
alert(url_content:"%3C"; url_content:"%22"; url_content:"%3E"; msg:"Suspicious looking GET request containing %3C, %3E, and %22. Suspiciously HTML-like."; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3C"; url_content:"%2F"; url_content:"%3E"; msg:"Suspicious looking GET request containing %3C, %3E, and %2F. Suspiciously HTML-like."; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3C"; url_content:"'"; url_content:"%3E"; msg:"Suspicious looking GET request containing %3C, %3E, and '. Suspiciously HTML-like."; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
alert(url_content:"%3C"; url_content:"="; url_content:":"; url_content:"%3E"; msg:"Suspicious looking GET request containing %3C, %3E, :, and =. Suspiciously HTML-like."; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)

# IE hax.
alert(msg:"smuggling Javascript inside an image"; headers_content:"image"; nocase; headers_re:"/^Content-Type.*image/mi"; body_re:"/<script/i";)

# Chrome:// hax.
alert(msg:"Chrome:// access."; body_content:"chrome://"; nocase; body_re:"/<\w*.src=\"*'*chrome:\/\//i"; reference:url,http://www.0x000000.com/?i=417; reference:url,https://bugzilla.mozilla.org/show_bug.cgi?id=292789; reference:url,http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/;)
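As an added example (not Firekeeper's own code), this small matcher re-implements the url_content / nocase / url_re semantics the GET-request rules above rely on, assuming Snort-like option handling: every url_content term must appear (case-folded when nocase is set) and the url_re, if present, must match. It runs a three-rule subset of the ruleset over constructed URLs, including a benign one that trips the generic "%3C, %3E, %2F" rule, which is the false-positive cost of that rule.

```python
import re
# Constructed subset of the ruleset above, kept in the same alert(...) syntax.
RULES_TEXT = r'''
alert(url_content:"javascript:"; url_content:"http"; nocase; msg:"javascript: GET request cross site scripting attempt"; reference:url,http://ha.ckers.org/xss.html;)
alert(url_content:"%3CSCRIPT"; nocase; msg:"<script> tags GET request cross site scripting attempt"; url_re:"/%3Cscript.*%3E/i"; reference:url,http://ha.ckers.org/xss.html;)
alert(url_content:"%3C"; url_content:"%2F"; url_content:"%3E"; msg:"Suspicious looking GET request containing %3C, %3E, and %2F. Suspiciously HTML-like."; reference:url,http://ha.ckers.org/xss.html;)
'''
# One option: key, optional quoted or bare value, terminating semicolon.
OPTION_RE = re.compile(r'(\w+)(?::("(?:[^"\\]|\\.)*"|[^;]*))?;')

def parse_rule(line):
    """Turn one alert(...) line into the options this matcher understands."""
    inner = line[line.index("(") + 1:line.rindex(")")]
    rule = {"url_content": [], "nocase": False, "url_re": None, "msg": ""}
    for m in OPTION_RE.finditer(inner):
        key, val = m.group(1), m.group(2)
        if val is not None and val.startswith('"'):
            val = val[1:-1]
        if key == "url_content":
            rule["url_content"].append(val)
        elif key == "nocase":
            rule["nocase"] = True
        elif key == "msg":
            rule["msg"] = val
        elif key == "url_re":  # "/pattern/flags" -> compiled regex
            body, flags = val.rsplit("/", 1)
            rule["url_re"] = re.compile(body[1:], re.I if "i" in flags else 0)
    return rule
def load_rules(text):
    return [parse_rule(l) for l in text.splitlines() if l.startswith("alert")]
def rule_matches(rule, url):
    """Every url_content term must occur (case-folded under nocase) and url_re, if any, must match."""
    fold = str.lower if rule["nocase"] else str
    if not all(fold(t) in fold(url) for t in rule["url_content"]):
        return False
    return rule["url_re"] is None or rule["url_re"].search(url) is not None
def scan(rules, url):
    return [r["msg"] for r in rules if rule_matches(r, url)]
# Constructed sample GET URLs: two that should alert, one benign false positive, one clean.
SAMPLE_URLS = [
    "http://example.test/search?q=%3CSCRIPT%3Ex%3C%2Fscript%3E",
    "http://example.test/profile?homepage=javascript:void(0)",
    "http://example.test/wiki?title=Using%20%3Cb%3E%20and%20%3C%2Fb%3E",
    "http://example.test/search?q=firekeeper+rules",
]

def demo():
    rules = load_rules(RULES_TEXT)
    return {url: scan(rules, url) for url in SAMPLE_URLS}
```

Note that when the whole URL is matched, the url_content:"http" term in the javascript: rules is satisfied by the scheme itself, so those rules effectively fire on any "javascript:" in a GET URL.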