For my master's thesis I developed an extension of the JavaScript engine in Mozilla Firefox to detect possible XSS attacks. After finishing my thesis I tried to find a way to give it back to Mozilla. First I tried the homepage to find out where I could send the patch/details to. Because there is no such contact information I tried the IRC channels.
There were some nice people who tried to help me by suggesting I had to file a "bug" (that is actually a feature request) in the Bugzilla bug tracking system. They also told me that they would possibly only accept patches to trunk (whereas my patch was against a pre-1.0 version when 1.5 was the current official version) and that they would possibly expect me to work on the patch. When I told them that I won't have time in the future or at least couldn't guarantee to have time to work on it (perhaps some people in my former institute would be able to help) they started to flame me that it isn't possibly worth the time if I'm not willing to work on it :-)
Probably they were right because the "bug" states it is "Assigned To: Nobody; OK to take it and work on it" :-)
My Debian Sarge for the server in my living room runs on a USB stick (8 GB). The stick was pretty expensive, but now the server is really silent. Other disks are in it as well, but only run when I access them (seldom enough).
It is a pretty standard install of Debian Sarge without a swap space (it has 512 MB RAM), but with USB and SCSI drivers in the initrd image.
It is somewhat slow because the stick is slow even with USB 2.0, but I think it is worth it. Because most applications do not write very often, I think that it will last long enough until the sticks are cheap, big and fast enough as an HD replacement.
In my master's thesis I implemented a solution in the Mozilla Firefox web browser that protects the surfing user. It analyzes the data access and data flow in the JavaScript engine of the web browser.
NoMoXSS (no more XSS)
http://www.seclab.tuwien.ac.at/projects/jstaint/
Although it is only a prototype of an implementation (in a rather old version of Firefox), it shows the potential of this solution to stop XSS attacks.