I just open sourced my ‘Pull to Refresh’ library for Android. The project page, documentation and of course the code can be found on github. You’ll also find a sample project in the repository. The library is licensed with the Apache License version 2.0. There is a demo video of the sample project so you can see the animations.
Click here to go to the project page.
I added a reference to this library on my projects page.
This is the second part of the true story ‘A tale about an XSS vulnerability’. If you haven’t already, read part one here.
TL;DR: Hacker baddymcbad just hijacked superfansadmin‘s session on superfans.foo, by exploiting the vulnerable internal messaging system. At this point, baddymcbad is logged in as superfansadmin, but only for this session. He doesn’t know the username or password of the admin.
BOOM! Admin! I see an extra tab in the tabbar, named ‘Administration’. Needless to say, that’s where I go, as quickly as possible. If superfansadmin hits the logout button, he will log me out as well. Luckily, this attack was pretty stealthy. I don’t think the poor guy even knows I’m here.. Let’s see what the ‘Administration’ tab contains. I quickly save a local copy of the page for future reference. Continue reading
People like us, hackers, tend to experiment with their knowledge in the wild. Sometimes just in the spirit of learning, but also out of curiosity and having fun. If you are one of those people who have a bad taste in their mouth after saying the word ‘hacker’, please reconsider clicking on the link you just skipped. (Or here, if you’re lazy). The way I see it, hackers usually don’t cause harm, although they might break the law from time to time. This is a true story of how a company dealt with two whitehats, or greyhats if you like.
