
Terence Eden’s Blog


The Unsecured State Part 2 - EduBase XSS (Disclosed & Fixed)

· 5 comments · 500 words · Viewed ~1,496 times

This is part 2 of a series of blog posts looking at the security of the UK Government's web infrastructure. Many XSS flaws rely on altering the GET parameters of a request. Some webmasters seem to think that if their forms only use POST they will be immune from XSS. This is not the case. "Don't Press This Button": pressing this button will send a POST request to the Department of…

The Unsecured State Part 1 - UK Parliament XSS Flaw (Disclosed & Fixed)

· 3 comments · 600 words · Viewed ~1,670 times

This is part 1 of a series of blog posts looking at the security of the UK Government's web infrastructure. The UK Parliament website is pretty great. It houses a huge amount of historical information, lets people easily see what's happening in the Commons and the Lords, and is run by some really clever people. That's why it's so depressing to see such a basic error as this XSS flaw in their …

Make Facebook (and other sites) Less Annoying Using CSS

· 400 words · Viewed ~933 times

I'm really late to the party on this one - so this blog post is mostly an aide-mémoire. The web is built on three fundamental components: HTML - the structure of the page. CSS - how the page is styled. JavaScript - the interactivity. Typically, the website owner sets up the CSS to say links are blue, headlines are big, images have borders etc. etc. Users, however, can override …