Slavco's Blog

Speaking at LanfestMk

2011-05-18T13:54:00Z

I'll be a speaker at LanfestMK Fri May 20-th 16:00h. I'll be speaking about - "Beautiful web and web crawlers". What will be covered with the presentation: - Will cover practice for presenting content on the web ( possibilities with html5 ) - Web crawlers ( what components they have and how they work ) - Proposals for having ultimate design for best user experience using HTML5 and protecting the online content from web crawlers. - Examples / Demo Target: - Web developers ...(read more)

using IE for ( CSRF ) file upload

2010-11-08T09:20:00Z

Last days I was playing/debuging around with IE 8 and come to interesting issue / feature on IE itself :) .I wasn't able to find any another example like this one so i decide to blog about it. What's the point? It seems that IE doesn't escape the variable names => guide us t try to upload file on the remote servers that doesn't have CSRF protection or better to use this in case we want to submit some form into any format using client browser IE 8 ( should work on any versions of...(read more)

Секјурити на македонски начин #fail !

2010-09-30T00:49:00Z

Ова е мој прв блог пост на мкедонски јазик. Минатиов период гледам дека македонскиот блог АјТи ком мк често пишува по некоја си сторија за секЈурити и гледам дека се под капата од некоја си компанија за секЈурити нуланаука лаб! Дечки пред да кажувате и хакирате од дедо ное неапдејтирани сајтови зошто не си прегледате во вашиот луксузен двор осигуран кај секЈурити фирма? вашиот систем е комплетно небезбеден и мислам дека е неправилно да јавувате ранливости на владини институции и останати сајтови...(read more)

Outlook Web Access 2007 CSRF Vulnerability

2010-09-01T23:46:00Z

Yup there it is in the wild for quite long time. In case some of the sys-admins doesn't notice community warnings here it is another one. Yes it is true, Outlook web access 2007 is exploitable - CSRF vulnerable. video : http://www.exploit-db.com/videos/owa2007v2/index.html exploit: http://www.exploit-db.com/exploits/14285/ much more detailed on http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails and greetings to Rosario Valotta :) Happy upgrading :D...(read more)

nginx, FastCGI Mono server and ASP.NET love triangle on Windows

2010-01-23T13:58:00Z

Here I'll explain my successful playing with nginx, fastcgi mono server and asp.net on Windows XP operating system bringing closer development environment for .NET web applications that need to be deployed under Linux/Mono . First step by step explanation of each term and why is chosen. Operating System Microsoft Windows XP SP3. You will get the point why in next component :) . nginx web server Why nginx ? Nginx is one of a handful of servers written to address the C10K problem . Unlike...(read more)

Making Facebook secure place - FQL security issue

2009-12-29T17:50:00Z

Last weekend I was lucky to notice on line “hacker” challenge - Miracle on Thirty-Hack Street . I tough let me try this challenge …
I start solving the puzzle and then I got more than a solution of the task. Final conclusion was the following :
I have no privacy from FQL developers on Facebook ( anyone with Facebook account can use FQL ) . They can see my data without being in my friend list … :(.

...(read more)