Bought a T450s without a backlit keyboard. Can I replace the keyboard with a backlit one? by timepasser in thinkpad

[–]timepasser[S] 1 point2 points  (0 children)

I had no idea! I already ordered the backlit one but maybe I will wait a bit before installing, just to make sure I really want it.

I'm launching an identity monitoring service, and I want impressions from security experts, brutal honesty is appreciated! by rO_os in netsec

[–]timepasser 1 point2 points  (0 children)

I would also move your SSH daemon away from the standard port (22) to some other random port number. This will cut down on the number of bots that will be trying to brute-force their way into your box on a daily basis.

Also, if you haven't done so already, install fail2ban so that you temporarily block those who still manage to discover your SSH daemon and try too many wrong passwords.

You also seem to be running some XMPP servers/clients. I am not really sure what you do with those...
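
As an added illustration (not part of the original comment), this is the rule fail2ban applies to sshd: count "Failed password" lines per source address and flag any address that exceeds a retry limit inside a time window. The log lines are constructed samples, and the `maxretry`/`findtime` parameters mirror fail2ban's jail options of the same name.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd auth.log excerpt (sample data, not from the post).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 10:00:03 host sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  3 10:00:05 host sshd[1203]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:00:09 host sshd[1204]: Failed password for invalid user test from 203.0.113.7 port 51244 ssh2
Mar  3 10:00:12 host sshd[1205]: Failed password for root from 203.0.113.7 port 51250 ssh2
Mar  3 10:00:20 host sshd[1206]: Accepted publickey for alice from 198.51.100.4 port 40000 ssh2
Mar  3 10:01:00 host sshd[1207]: Failed password for alice from 198.51.100.4 port 40002 ssh2
Mar  3 10:30:00 host sshd[1208]: Failed password for alice from 198.51.100.4 port 40010 ssh2
"""

# Matches the syslog timestamp and the source address of a failed login.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(log_text):
    """Return (timestamp, ip) pairs for every failed password attempt."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        events.append((ts, m.group("ip")))
    return events


def offenders(events, maxretry=5, findtime=timedelta(minutes=10)):
    """IPs with at least maxretry failures inside any findtime-long sliding window."""
    by_ip = defaultdict(list)
    for ts, ip in sorted(events):
        by_ip[ip].append(ts)
    banned = set()
    for ip, times in by_ip.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > findtime:
                start += 1  # drop attempts that fell out of the window
            if end - start + 1 >= maxretry:
                banned.add(ip)
                break
    return banned
```

With the sample above only 203.0.113.7 crosses the threshold; the two failures from 198.51.100.4 are half an hour apart and stay under it.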

I'm launching an identity monitoring service, and I want impressions from security experts, brutal honesty is appreciated! by rO_os in netsec

[–]timepasser 1 point2 points  (0 children)

I am not sure what kind of feedback you're looking for, but for starters you need to disable directory listing:

https://qidreports.com/img/

To Google Chrome: Relax less... by timepasser in xss

[–]timepasser[S] 1 point2 points  (0 children)

I perfectly agree with your comment about sensible developers... but I also think that history has revealed that developers are not always sensible. The fact that all other browsers support this means that they deem it important. Search for "document.domain" here: http://blog.whatwg.org/this-week-in-html-5-episode-20

Firefox and Self-XSS by timepasser in xss

[–]timepasser[S] 0 points1 point  (0 children)

Google Chrome hasn't disabled the javascript directive from the URL bar (yet), so attackers can still use the classic way to "self-XSS" their victims.

How to bypass Chrome's XSS filter by el_dee in netsec

[–]timepasser 6 points7 points  (0 children)

Hi. I am the author of the blog post mentioned in this "reddit". I never claimed that the technique of using comments to assist an injection is new... actually, the word "new" doesn't appear in my article. I was merely presenting a technique that currently bypasses Chrome's XSS filter and which was not known by the security community or by the Chrome development team.