Categories

security (88)

• Dismantling BullGuard Antivirus’ online protection July 6
• Exploiting Bitdefender Antivirus: RCE from any website June 22
• Does Signal’s “secure value recovery” really work? June 16
• What data does Xiaomi collect about you? May 8
• Are Xiaomi browsers spyware? Yes, they are… May 4
• Read More »

mozilla (50)

• A grim outlook on the future of browser add-ons August 31
• Mozilla and Opera remove Avast extensions from their add-on stores, what will Google do? December 3
• Dear Mozilla, please stop spamming! April 3
• Google to developers: We take down your extension, because we can July 3
• The Firefox Accounts authentication zoo March 27
• Read More »

off-topic (29)

• Präsentation über Digitalisierung und soziale Interaktion August 16
• Validating news stories: Syrian oil October 23
• Don’t forget to check the facts – because nobody else will May 31
• Closed my LinkedIn account June 8
• Random thoughts on democracy and Russian presidential election March 12
• Read More »

password-managers (21)

• PfP: Pain-free Passwords security review September 26
• Recognizing basic security flaws in local password managers August 12
• Various RememBear security issues July 8
• Bogus security mechanisms: Encrypting localhost traffic April 11
• Should you be concerned about LastPass uploading your passwords to its server? March 18
• Read More »

gecko (17)

• Easy Passwords released as a Web Extension July 17
• Is undetectable ad blocking possible? April 19
• Introducing Easy Passwords: the new best way to juggle all those passwords April 19
• Using WebExtensions APIs in a “classic” extension October 15
• A systematic approach to MDN documentation? December 4
• Read More »

antivirus (16)

• Dismantling BullGuard Antivirus’ online protection July 6
• Exploiting Bitdefender Antivirus: RCE from any website June 22
• McAfee WebAdvisor: From XSS in a sandboxed browser extension to administrator privileges February 25
• Insights from Avast/Jumpshot data: Pitfalls of data anonymization February 18
• Avast’s broken data anonymization approach January 27
• Read More »

privacy (15)

• What data does Xiaomi collect about you? May 8
• Are Xiaomi browsers spyware? Yes, they are… May 4
• Insights from Avast/Jumpshot data: Pitfalls of data anonymization February 18
• Avast’s broken data anonymization approach January 27
• Avast complies to respect users’ privacy January 8
• Read More »

xul (10)

• XULRunner in large projects, part 4: Localization pitfalls July 17
• XULRunner in large projects, part 3: Bugs, bugs, and more bugs July 5
• XULRunner in large projects, part 2: Why XULRunner isn’t like Java July 4
• XULRunner in large projects, part 1: What is that “XULRunner” thingy, anyway? July 2
• AMO getting serious about add-on security November 14
• Read More »

adblock-plus (9)

• Links for my SINFO 25 presentation March 2
• Taking a break from Adblock Plus development December 20
• How bad is a buffer overflow in an Emscripten-compiled application? April 23
• Is undetectable ad blocking possible? April 19
• Which is better, Adblock or Adblock Plus? July 29
• Read More »

pfp (9)

• PfP: Pain-free Passwords security review September 26
• Implementing safe sync functionality in a server-less extension March 8
• Easy Passwords is now PfP: Pain-free Passwords February 7
• Easy Passwords released as a Web Extension July 17
• Implementing efficient PBKDF2 for the browser October 25
• Read More »

private (9)

• New job again September 2
• Status update August 26
• New job June 15
• Moving again May 16
• Getting back to Oslo March 1
• Read More »

avast (6)

• Insights from Avast/Jumpshot data: Pitfalls of data anonymization February 18
• Avast’s broken data anonymization approach January 27
• Pwning Avast Secure Browser for fun and profit January 13
• Avast complies to respect users’ privacy January 8
• Mozilla and Opera remove Avast extensions from their add-on stores, what will Google do? December 3
• Read More »

kaspersky (6)

• More Kaspersky vulnerabilities: uninstalling extensions, user tracking, predictable links November 27
• Assorted Kaspersky vulnerabilities November 27
• Internal Kaspersky API exposed to websites November 26
• Kaspersky: The art of keeping your keys under the door mat November 25
• Kaspersky in the Middle – what could possibly go wrong? August 19
• Read More »

add-ons (5)

• A grim outlook on the future of browser add-ons August 31
• State of the art protection in Chrome Web Store September 9
• Safari extension format (.safariextz) explained August 17
• “Unloading” frame scripts in restartless extensions November 19
• Extension security and add-on stores February 25

google (4)

• A grim outlook on the future of browser add-ons August 31
• Mozilla and Opera remove Avast extensions from their add-on stores, what will Google do? December 3
• Google to developers: We take down your extension, because we can July 3
• The ticking time bomb: Fake ad blockers in Chrome Web Store April 18

lastpass (4)

• Should you be concerned about LastPass uploading your passwords to its server? March 18
• Is your LastPass data really safe in the encrypted online vault? July 9
• LastPass: Security done wrong March 23
• More Last Pass security vulnerabilities September 16

challenge (3)

• BBN challenge resolution: Getting the flag from a browser extension December 17
• BBN challenge resolution: Exploiting the Screenshotter.PRO browser extension December 10
• BBN challenge resolutions: “A properly secured parameter” and “Exploiting a static page” November 28

hugo (3)

• Added Webmention support to the blog September 3
• The easier way to use lunr search with Hugo June 4
• Switching my blog to a static site generator April 4

os-x (3)

• Safari extension format (.safariextz) explained August 17
• Crazy hacks: Changing Wine key mappings on Mac OS X February 14
• Solution to a problem nobody has: Changing Total Commander application icon February 13

tomtom (3)

• Making modal dialogs work on Mac OS X September 15
• TomTom HOME and add-ons March 17
• New job June 15

website (3)

• Added Webmention support to the blog September 3
• The easier way to use lunr search with Hugo June 4
• Switching my blog to a static site generator April 4

crypto (2)

• Does Signal’s “secure value recovery” really work? June 16
• Should your next web-based login form avoid sending passwords in clear text? October 25

jquery (2)

• PSA: jQuery is bad for the security of your project March 2
• Why you probably want to disable jQuery.parseHTML even though you don’t call it August 30

jsdeobfuscator (2)

• JavaScript Deobfuscator reloaded July 17
• Deobfuscating JavaScript January 12

mcafee (2)

• McAfee WebAdvisor: From XSS in a sandboxed browser extension to administrator privileges February 25
• Rendering McAfee web protection ineffective December 2

wine (2)

• Crazy hacks: Changing Wine key mappings on Mac OS X February 14
• Solution to a problem nobody has: Changing Total Commander application icon February 13

xiaomi (2)

• What data does Xiaomi collect about you? May 8
• Are Xiaomi browsers spyware? Yes, they are… May 4

aol (1)

• Yahoo! and AOL: Where two-factor authentication makes your account less secure March 9

avira (1)

• Problematic monetization in security products, Avira edition December 11

bitdefender (1)

• Exploiting Bitdefender Antivirus: RCE from any website June 22

bugbounty (1)

• If your bug bounty program is private, why do you have it? December 10

bullguard (1)

• Dismantling BullGuard Antivirus’ online protection July 6

docker (1)

• Getting published Docker container ports to work with IPv6 January 5

emscripten (1)

• Compiling C++ to JavaScript: Emscripten vs. Cheerp February 5

remembear (1)

• Bogus security mechanisms: Encrypting localhost traffic April 11

signal (1)

• Does Signal’s “secure value recovery” really work? June 16

songbird (1)

• New job again September 2

verizon (1)

• Yahoo! and AOL: Where two-factor authentication makes your account less secure March 9

yahoo (1)

• Yahoo! and AOL: Where two-factor authentication makes your account less secure March 9