@LiveOverflow
LiveOverflow | The Age of Universal XSS @LiveOverflow | Uploaded 2 years ago | Updated 3 hours ago
In August 1996, Internet Explorer joined the JavaScript security scene after they added JScript. During this era, from around 1996 to 2000, tons of bugs were found that we would today call "Universal Cross-site Scripting". I find this word confusing, but looking back at the history, we can try to make sense of it.

Jabadoo Security Hole in Explorer 4.0: seclists.org/bugtraq/1997/Oct/85
Aleph One on Jabadoo: seclists.org/bugtraq/1997/Oct/87
Georgi Guninski "IE can read local files": seclists.org/bugtraq/1998/Sep/47
Georgi's Resume (HIRE HIM!): https://j.ludost.net/resumegg.pdf
"Cross-frame security policy": seclists.org/bugtraq/2000/Jan/93

Episode 01 - First JS Bug: youtube.com/watch?v=bSJm8-zJTzQ
Episode 02 - Three JS Security Researcher: youtube.com/watch?v=VtcA58555lY

Episode 03:
00:00 - Intro to the "Age of Universal XSS"
01:16 - JavaScript Security in Netscape 1996
01:52 - JScript Vulnerability in Internet Explorer
03:38 - Georgi Guninski: IE can read local files (1998)
05:12 - Who is Georgi Guninski?
06:36 - Georgi Guninski: IE 5 circumventing cross-frame security policy
09:41 - David Ross from Microsoft about Georgi
10:16 - "Cross-Frame" Browser Bugs
11:17 - Universal Cross-Site Scripting
12:15 - Outro
