For the best experience on desktop, install the
Chrome extension
to track your reading on news.ycombinator.com
×
Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
|
history
|
from
register
The sad state of DOM security (or how we all ruled Mario's challenge) (2011)
(
kotowicz.net
)
1 point
by
_urga
on Sept 24, 2019
|
past
“Amazon 1 Button” Chrome extension to sniff all your websites (2013)
(
kotowicz.net
)
14 points
by
nwrk
on Aug 22, 2017
|
past
|
1 comment
XSS in Gmail through Rapportive
(
kotowicz.net
)
110 points
by
xSwag
on Dec 28, 2013
|
past
|
13 comments
Use "Amazon 1 Button" Chrome extension to sniff all HTTPS websites
(
kotowicz.net
)
516 points
by
jamzed
on July 12, 2013
|
past
|
58 comments
Chrome addons hacking: Bye Bye AdBlock filters
(
kotowicz.net
)
137 points
by
necenzurat
on March 28, 2012
|
past
|
55 comments
Stripping HTTP referrer for client-side CSRF
(
kotowicz.net
)
1 point
by
bluesmoon
on Oct 24, 2011
|
past
Cross-domain 'content extraction' using fake captcha and iframe
(
kotowicz.net
)
3 points
by
Terretta
on July 6, 2011
|
past
How to upload arbitrary file contents cross-domain
(
kotowicz.net
)
1 point
by
steilpass
on April 29, 2011
|
past
Who's behind Facebook clickjacking scams?
(
kotowicz.net
)
5 points
by
DeusExMachina
on March 17, 2011
|
past
|
1 comment
XSS-Track: Hijacking a whole website with a single XSS vulnerability.
(
kotowicz.net
)
2 points
by
nathanhammond
on Nov 6, 2010
|
past
Analysis of New Generation Facebook Worm
(
kotowicz.net
)
1 point
by
NathanKP
on Aug 31, 2010
|
past
5 ways to prevent clickjacking on your website (and why they suck)
(
kotowicz.net
)
1 point
by
jyothi
on Dec 29, 2009
|
past
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
×
HN For You
Display Mode
Highlight
Top
Only
Debug mode
Sign Out
API Key:
Connect
Create an account
to get your API key.
