Hacker News
- Put.io API design issues https://miki.it/blog/2015/8/10/put-io-api-design-issues/ 8 comments
- Abusing JSONP with Rosetta Flash http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ 15 comments
- XSS in Google Finance http://miki.it/blog/2013/7/30/xss-in-google-finance/ 37 comments
- The power of DNS rebinding: stealing WiFi passwords with a website https://miki.it/blog/2015/4/20/the-power-of-dns-rebinding-stealing-wifi-passwords-with-a-website/ 17 comments programming
- The power of DNS rebinding: stealing WiFi passwords with a website https://miki.it/blog/2015/4/20/the-power-of-dns-rebinding-stealing-wifi-passwords-with-a-website/ 76 comments netsec
- Adobe fixed Rosetta Flash today http://miki.it/blog/2014/8/15/adobe-really-fixed-rosetta-flash-today/ 13 comments netsec
- Abusing JSONP with Rosetta Flash http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ 8 comments netsec
- Mailbox.app executes Javascript in email bodies http://miki.it/blog/2013/9/24/mailboxapp-javascript-execution/ 7 comments netsec
- [Writeup] XSRF and Cookie manipulation on google.com http://miki.it/blog/2013/9/15/xsrf-cookie-setting-google/ 9 comments netsec
- XSS in Google Finance ($5k) http://miki.it/blog/2013/7/30/xss-in-goog 3 comments netsec