Hacker News
Setting up PHP-FastCGI and nginx? Don’t trust the tutorials. (nealpoole.com) | 1 point by WhiteDawn on Jan 28, 2014 | past
XSS Filter Bypass in validator Node.js Module (nealpoole.com) | 2 points by _vvdf on July 5, 2013 | past
CSRF Token Disclosure in Coinbase (nealpoole.com) | 2 points by wglb on June 4, 2013 | past
(Unpatched) Reflected XSS in JW Player 5 (nealpoole.com) | 1 point by wglb on April 16, 2013 | past
Bad Changes to eBay’s Responsible Disclosure Policy (nealpoole.com) | 1 point by tshtf on March 18, 2013 | past
How Hard Is It To Blacklist A Java Applet? (nealpoole.com) | 2 points by wglb on Jan 24, 2013 | past
Preventing CSRF Attacks with AJAX and HTTP Headers (nealpoole.com) | 39 points by swah on Aug 25, 2012 | past | 4 comments
CSRF, Clickjacking, and the Role of X-Frame-Options (nealpoole.com) | 1 point by tshtf on July 25, 2012 | past
Security Vulnerabilities in Popular Flash Applets (SWFUpload, Plupload) (nealpoole.com) | 2 points by nbpoole on May 17, 2012 | past
Twitter White Hat Vulnerabilities (nealpoole.com) | 1 point by wglb on April 14, 2012 | past
CSRF, Clickjacking, and the Role of X-Frame-Options (nealpoole.com) | 1 point by wglb on March 31, 2012 | past
Directory Traversal via PHP Multi-File Uploads (nealpoole.com) | 1 point by dominis on March 9, 2012 | past
Java Deployment Toolkit Plugin Does Not Validate Installer Executable (nealpoole.com) | 1 point by wglb on Oct 27, 2011 | past
Java Deployment Toolkit Plugin Does Not Validate Installer Executable (nealpoole.com) | 2 points by wglb on Oct 18, 2011 | past | 1 comment
Java Applet Same-Origin Policy Bypass via HTTP Redirect (nealpoole.com) | 1 point by wglb on Oct 18, 2011 | past
Directory Traversal via PHP Multi-File Uploads (nealpoole.com) | 8 points by wglb on Oct 3, 2011 | past | 1 comment
XSS Filters can be used to bypass clickjacking (scroll down to point 3) (nealpoole.com) | 8 points by simonw on Aug 26, 2011 | past | 2 comments
Lessons from Facebook's Security Bug Bounty Program (nealpoole.com) | 3 points by nbpoole on Aug 25, 2011 | past
Arbitrary Code Execution with Null Bytes, PHP, and Old Versions of nginx (nealpoole.com) | 5 points by nbpoole on Aug 24, 2011 | past
Safari for Windows handles text/plain content improperly (CVE-2010-1420) (nealpoole.com) | 2 points by wglb on Aug 22, 2011 | past
Cross-Site Scripting? In PHP Notices? It's more likely than you think (nealpoole.com) | 43 points by nbpoole on Aug 18, 2011 | past | 14 comments
File uploads allow for cross-site scripting in Wordpress (nealpoole.com) | 1 point by nbpoole on April 27, 2011 | past | 1 comment
Avoiding Arbitrary Code Execution with nginx and php-fastcgi (nealpoole.com) | 61 points by nbpoole on April 8, 2011 | past | 15 comments
Directory Traversal / Local File Inclusion on addons.mozilla.org (nealpoole.com) | 2 points by nbpoole on Feb 10, 2011 | past | 1 comment
How Does Cross-Site Scripting Become Arbitrary Code Execution? (nealpoole.com) | 3 points by nbpoole on Jan 31, 2011 | past
Preventing CSRF Attacks with AJAX and HTTP Headers (nealpoole.com) | 6 points by wglb on Jan 22, 2011 | past | 2 comments
HTTP Response Splitting Vulnerability on reddit.com (nealpoole.com) | 80 points by there on Jan 15, 2011 | past | 26 comments
Reports from Google’s Vulnerability Reward Program (nealpoole.com) | 10 points by nbpoole on Dec 18, 2010 | past
Hacking Google Calendar (nealpoole.com) | 25 points by dfield on Dec 1, 2010 | past | 5 comments