Egor Homakov
Lives in Everywhere, but mostly Bangkok
693 followers | 7,145,816 views

Stream

Egor Homakov - Shared publicly
New blog
New posts will be published on http://sakurity.com/blog and less likely here. I will probably translate some good old ones from Egor-English to English. Thanks everyone for reading this!

Egor Homakov - Shared publicly
Blatant CSRF in Doorkeeper, most popular OAuth2 gem
I read a post about CSRF on DigitalOcean on Habrahabr (it's in Russian O_o) by Sergey Belove. My first reaction was, obviously, HOW COME? DigitalOcean is not kind of a Rails app that would have lame "skip_before_action :verify_authenticity_token". Then I l...

Egor Homakov - Shared publicly
The No CAPTCHA problem
When I read about No CAPTCHA for the first time I was really excited. Did we finally find a better solution? Hashcash? Or what? Finally it's available and the blog post disappointed me a bit. Here's Wordpress registration page successfully using No CAPTCHA....

Egor Homakov - Shared publicly
Bypassing ClearClick and X-Frame-Options:Visible
I bet, you know what Clickjacking (CJ) is. Old problem everybody's tired of hearing of. There are three types of web pages. Don't need to be shown in iframes but have no X-Frame-Options. Basically 99% or more of pages, CJ only exist due to poor design of w...

Egor Homakov commented on a video on YouTube - Shared publicly
Bullshit. People who cannot make money are stupid and think life should be simple. Live simple life, live in cages, I don't care. The rest of us were born to make progress and to work hard. To change the world. You're just a lazy peasant who learned how to build houses.

Egor Homakov - Shared publicly
Covert Redirect FAQ
Hey, so called covert redirect was all over the news today. I know a thing or two about OAuth security, and here is a short FAQ. How does it work? First of all it is mostly Facebook Connect bug, other providers are not vulnerable (author claims they are?), b...

Egor Homakov - Shared publicly
Bitstamp problem and Warm wallets.
We are publishing an audit of Peatio exchanger soon and I've got quite a few thoughts on how to make exchangers' wallets more secure. Five. Million. Dollars. In a hot wallet. Ok, I believe it's not everything they had. It's a small part of their assets. But...

Egor Homakov - Shared publicly
New Paypal gateway UI is a disaster
Hey. I decided to get a paid plan on Github and Paypal looked like a good payment option to me. Click on big blue Paypal button here. This looks and feels really good. Lightweight elements, updated color scheme and new logo. Except one thing - how do I k...

Egor Homakov - Shared publicly
Hacking file uploaders with race condition
10 months ago I wrote about a simple but powerful bug in Paperclip <=3.5.3. Thoughtbot mentioned this problem on their blog in quite a misleading way - "a slight problem". Considering it as an XSS only - yes, a slight problem. But as I said before we can ...

Egor Homakov - Shared publicly
Timing attack, 6.66% faster
Personally I'm not a big fan of timing attacks as I believe they are impractical for web apps (while perfectly useful in other fields). To make them useful you need to reduce latency and put your script just in front of the victim's server, send zillions of...

Egor Homakov commented on a video on YouTube - Shared publicly
This was SOOO boring. I live in Bangkok and this video is both clueless and useless.
About

Story
Tagline: Security consultant
Introduction: Consulting http://sakurity.com

Places
Currently: Everywhere, but mostly Bangkok

Work
Occupation: Consultant
Skills: security, ruby, js

Basic Information
Gender: Male
Reviews (84 reviews)

Even after spending 5k baht still hungry. Terribly overpriced, for 1k udon uni they put one tiny piece of uni.
Public - reviewed in the last week

Famous for their rolls. Sushi is good too. They need to either expand or raise prices, otherwise the wait is too long.
Public - reviewed in the last week