Web Security
28 sites
https://shellsharks.com/
Mike's digital garden at Shellsharks covers infosec research, technology, and personal life across a richly interconnected set of blogs, notebooks, and logs. A self-described 'Internet homesteader,' Mike has built an expansive personal web presence complete with a podcast, linklog, devlog, and Fediverse integration that makes it a compelling destination for security-minded web explorers.
https://clsc.net/articles/google-302-page-hijack.php
Written by Claus Schmidt in 2005, this technical article exposes the '302 page hijack', a technique by which a malicious webmaster could point a server-side HTTP 302 redirect at a competitor's page and have the search engine credit that page's content to the redirecting URL, displacing the victim from the results. It covers how the attack works, which search engines were vulnerable, and practical precautions for both the sites being hijacked and the webmasters whose own redirects could unintentionally do the hijacking.
http://webappsec.org/projects/articles/071105.html
The Web Application Security Consortium (WASC) is a 501(c)(3) nonprofit bringing together international security experts to produce open, best-practice standards for web application security. The site hosts technical documentation, security guidelines, a threat classification, a web hacking incidents database, and collaborative research projects used by developers, governments, and security professionals worldwide.
https://cgisecurity.com/
CGISecurity.com bills itself as the oldest application security site online, predating OWASP, and covers topics ranging from XSS and CSRF to cryptography, web application firewalls, and vulnerability research. Run by Robert Auger, the site offers advisories, research papers, security tool roundups, and a deep archive of industry news and commentary stretching back to 2001.
https://seclists.org/fulldisclosure/2009/Sep/39
An archived post from the Full Disclosure security mailing list, documenting a critical SMB 2.0 vulnerability in Windows Vista and Windows 7 disclosed by Laurent Gaffié in 2009. The post includes a proof-of-concept Python script that triggers a remote Blue Screen of Death by sending a single malformed SMB header to the target, making it a useful historical reference for security researchers.
https://fyr.io/
Matt is a UK sysadmin who runs this ever-evolving personal site covering infosec, the indieweb movement, and life both on and offline. The site features multiple custom themes, a changelog documenting its evolution, technical guides, and a curated collection of favourite corners of the internet to explore.
https://singe.za.net/blog/archives/1016-Killing-the-Evercookie-Part2-MobileSafari.html
Dominic White's technical blog dives into browser privacy and tracking weaknesses, with this post investigating how the Evercookie persistent tracking mechanism, which stores an identifier in several browser storage locations at once and rebuilds it from whichever copies survive, behaves on iOS MobileSafari and embedded WebKit apps. The research reveals significant privacy gaps in Apple's mobile platform and offers practical steps for jailbroken iPhone users to defend against such supercookies.
https://shampoo.antville.org/
The personal weblog of Martin Johns (aka Maddin), a security researcher whose posts focus on web security topics including CSRF protection, XSS detection, DNS rebinding, Firefox extensions, and OWASP conference coverage. It offers a window into 2000s browser security research, with references to NoScript and to tools Johns developed or co-developed, such as LocalRodeo, noXSS, and XSSDS.