Account Collision on Twitter?
So, here’s an interesting tidbit for all you aspiring Twitter hackers . . . As some of you may know, the OWASP DC Chapter just announced that the US AppSec for 2009 will be hosted in Washington DC this coming November. In preparation for this, I had registered a Twitter account, @AppSecDC, the day before, on the 21st. All seemed well, but as I was waiting to make the announcement, and wanted the account to remain “invisible” from the Twitter stream, I didn’t make any tweets on it. I did, however, enter the account information into several different Twitter clients …
An Introduction to NoScript
If you’ve been sleeping through the past weekend, you probably haven’t heard about “Mikeyy” and the Cross-Site Scripting worms which have been plaguing Twitter. Saving ranting and rhetoric for a separate post, an ethical reaction to this is to attempt to educate people as to how they can protect themselves from things like this in the future. Since I am often extolling the virtues of NoScript, and routinely suggest it as a countermeasure, I figured this would be a good time to write up a tutorial on the subject (and I’ve gotten several requests for it as well). NoScript …
