Under Construction

Web Security

28 sites


Killing the Evercookie - Part2 MobileSafari - Dominic White
https://singe.za.net/blog/archives/1016-Killing-the-Evercookie-Part2-MobileSafari.html
Dominic White's technical blog dives into browser privacy and tracking vulnerabilities, with this post investigating how the Evercookie persistent tracking mechanism operates on iOS MobileSafari and embedded WebKit apps. The research reveals significant privacy gaps in Apple's mobile platform and offers practical steps for jailbroken iPhone users to defend against supercookies.
Blog 2026-03-13
Page Hijack Exploit: 302, redirects and Google (clsc.net)
https://clsc.net/articles/google-302-page-hijack.php
Written by Claus Schmidt in 2005, this technical article exposes the '302 page hijack' exploit, a method by which malicious webmasters could use server redirects to displace competitors' pages from search engine results. It covers how the attack works, which search engines were vulnerable, and practical precautions both victims and potential hijackers can take.
Resource 2026-03-13
Dig Deeper
https://digdeeper.club/
Dig Deeper is a privacy and security-focused resource site covering browser selection, spyware testing, email providers, VPNs, darknet setup, and critiques of major software like Mozilla and various search engines. The site goes deep into practical guides and opinion pieces on digital autonomy, making it a substantial destination for anyone serious about escaping surveillance and corporate tech.
Personal Page 2026-03-12
cleberg.net
https://cleberg.net/
Christian Cleberg is a Technology Assurance Manager at KPMG who publishes technical guides, AWS security auditing posts, and personal projects through this minimalist personal site. Recent posts focus on auditing AWS IAM users, passwords, and S3 buckets, making it a useful stop for cloud security and IT assurance content.
Personal Page 2026-03-12
https://sqlninja.sourceforge.net/
Sqlninja is an open-source penetration testing tool designed to exploit SQL Injection vulnerabilities in web applications backed by Microsoft SQL Server, automating the process of gaining remote access to vulnerable database servers. Created by 'icesurfer', it includes attack modules, a Metasploit wrapper, DNS tunneling for data extraction, and even a hidden Easter Egg that streams music.
Resource 2026-03-13
Hacking The Interwebs
https://gnucitizen.org/blog/hacking-the-interwebs
GNUCITIZEN is a security research blog by pdp and collaborators, focused on exposing web vulnerabilities including UPnP exploitation, XSS attacks, and router reconfiguration weaknesses. This 2008 post details a serious design-level flaw allowing UPnP to be abused across the web without XSS, making it a compelling read for anyone interested in network security research.
Blog 2026-03-15
https://mfzx.net/
Maxwell S. Fritz's personal site covers their work and interests in cybersecurity, software engineering, telecommunications, and amateur radio, with a strong emphasis on privacy as a fundamental human right. Visitors will find links to projects, a directory, updates, and connections to webrings like The Hacker Webring and IndieWeb Webring.
Personal Page 2026-03-13
The Art of ARP Spoofing/Flooding/Poisoning | www.SecurityXploded.com
https://securityxploded.com/art-of-arp-spoofing.php
SecurityXploded is an information security research organization offering in-depth technical articles on topics like ARP spoofing, flooding, and poisoning alongside over 200 free security and password recovery tools. This particular article dives into network-layer attack techniques including MITM attacks and ARP cache manipulation, making it a valuable reference for security professionals and enthusiasts alike.
Resource 2026-03-15
HOWTO bypass Internet Censorship, a tutorial on getting around filters and blocked ports
http://zensur.freerk.com/
Created by Freerk, this comprehensive tutorial covers dozens of techniques for bypassing internet censorship, including proxies, shell accounts, JAP, and circumventing blocked ports in schools, workplaces, and countries with restrictive filtering. It documents specific censorware products like NetNanny, WebSense, and DansGuardian, making it a rare and detailed reference for anyone facing restricted internet access.
Resource 2026-03-13
bad.download
https://bad.download/
The personal site of bad.download, a tech-industry professional who writes about cybersecurity, privacy, digital preservation, and generative AI models. Minimal but thoughtful in scope, it features links to personal projects like a Discord bot using GPT-4 Vision alongside old-school web nostalgia banners for Firefox, AIM, and WinRAR.
Personal Page 2026-03-17