Simon Willison’s Weblog


3 items tagged “michalzalewski”


ratproxy. “A semi-automated, largely passive web application security audit tool”—watches you browse and highlights potential XSS, CSRF and other vulnerabilities in your application. Created by Michal Zalewski at Google.

# 3rd July 2008, 2:35 pm / csrf, google, michalzalewski, proxy, ratproxy, security, testing, xss


Firefox promiscuous IFRAME access bug. Lets malicious sites “display disruptive or misleading contents in the context of an attacked site” and intercept keystrokes! The demo worked in Camino 1.5 as well. Avoid using Gecko-based browsers until this is patched?

# 6th June 2007, 10 am / camino, firefox, iframes, michalzalewski, security

Gaping holes exposed in fully-patched IE 7, Firefox (via) Michal Zalewski released a new Firefox 2.0 vulnerability in addition to the IE cookie stealing one.

# 6th June 2007, 9:57 am / firefox, ie, michalzalewski, security