Three JavaScript Security Legends

2022-09-04

[public] 27.9K views, 2.53K likes, dislikes audio only

In this video we talk about the first JavaScript vulnerabilities in 1997, and how the field was dominated by three "XSS" legends.

Bugtraq 1997 - LoVerso: https://seclists.org/bugtraq/1997/Jun/88

LoVerso Website: https://web.archive.org/web/19970607122219/http://www.osf.org/~loverso/javascript/

LoVerso dir.html PoC: https://web.archive.org/web/19970607185809/http://www.osf.org/~loverso/javascript/dir.html

Tasty Bits from the Technology Front: https://web.archive.org/web/19970803213858/http://www.tbtf.com/archive/02-27-96.html

TBTF about Netscae 2.0b3: https://web.archive.org/web/19970803220511/http://www.tbtf.com/archive/12-02-95.html

Scott Weston on TBTF: https://web.archive.org/web/19970803220702/http://www.tbtf.com/resource/b2-privacy-bug.html

Bugtraq about Bug Bounty 1995: https://seclists.org/bugtraq/1995/Oct/12

Episode 01: /youtube/video/bSJm8-zJTzQ

Episode 03: /youtube/video/gVblb-QhZa4

Episode 02:

00:00 - Intro

00:45 - First JavaScript Vulnerability

02:00 - John Robert LoVerso

03:19 - First Directory Browse Vulnerability

04:16 - Comparison to My Exploit

05:13 - John Tennyson

05:44 - Tasty Bits from the Technology

06:16 - Netscape's Bug Bounty

06:48 - Scott Weston history stealing

08:12 - The Three Legends of JavaScript Security

08:59 - The Year 1996

09:31 - JavaScript can't claim to be secure

10:25 - ECMAScript: JavaScript Specification

11:13 - Next Episode Teaser

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Instagram: https://instagram.com/LiveOverflow/

→ Blog: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/