blackbeard archives
CSS browser history hack without javascript: “Using a hybrid of a:visited and display: attribute you can detect that the user has visited a page and more importantly perform an action based on that fact. Setting the background: image attribute for the visible tag to use a URL of a logging CGI script allows you to send a request to a remote webserver.. [allowing you to] steal history information from the user without ever once using JavaScript”. Demo. (via Blackbeard)
“The first day ended with myself and a technical staff member from the Church of Jesus Christ of Latter-Day Saints – not exactly who you’d expect to end up competing at the end of the first day of the biggest security conference in the planet.”Jordan Wiens, in a post about winning a web application security contest, in which David “Blackbeard” Lindsay, one of the Church’s lead QA engineers, made it into the semifinals