Cheat And Win - myActiveSG

Test your Tennis HTTP knowledge with the ActiveSG Tennis Quiz Challenge and stand to win a chance to get up close and personal with your WTA Star or a pair of tickets to the WTA Semi Finals! POST /projects/gyro/tennis_quiz_challenge/score.php HTTP/1.1 Content-Type: application ...

Verifying JS Integrity

Yesterday, a CDN was hacked and malicious JS was served to a number of domains. Most websites make use of CDNs to serve up JS so as to reduce page load time. How do we protect ourselves from such attacks? I posed a similar question on Sec.SE some time ...

Adding hostnames or PTR records to piwik

If you are using piwik and desire to know exactly where your website visitors come from, this hack will allow you to display the hostname or PTR record beside the IP addresses on the piwik dashboard. The Ip2Hostname plugin logs down the visitor's hostname in an additional column but ...

Negative space

Sometimes, the lack of information is valuable information. The Washington Post reports that according to unnamed current and former US officials, the CIA pulled "a number of officers" from the US Embassy in Beijing as a precautionary measure following the breach — precisely because their names would not appear in State ...

Hacking Dropbox Space Race (NUS Style)

Disclaimer: This post is for educational purposes only. If you succeed in getting NUS banned from future Dropbox space races, you will singlehandedly incur the wrath of all current and future NUS students. Honestly, I couldn't care less. In 2012, students from MIT hacked Dropbox Space Race by mass ...

First Cyberinsurance claim?

I first came across the term cyberinsurance earlier this year while attending an information session in DC. At that point, it was suggested that there needs to be a benchmark that takes into account the cyber risks that companies are facing, for it to be feasible for insurance companies to ...