This blog is about web technologies and games with a focus performance and security
January 2016

This post looks at how an attacker can intercept and read emails sent from one email provider to another by performing a DNS MX record hijacking attack. While our research on the state of email delivery security indicates that this attack is less pervasive than the TLS downgrade attack discussed in a previous post, it is equally effective at defeating email in-transit encryption. This post explains how this attack works, how it can be mitigated and to what extent it also affects the security of a website.

January 2016

Follow these ten easy steps to improve your online security and privacy quickly.

December 2015

Over the last two years, the number of encrypted emails received by Gmail has almost doubled, as I reported earlier on the Google security blog. This very encouraging trend is sadly accompanied with an increase of SMTP TLS downgrade attacks, which prevent encryption of emails in transit as discussed in our research paper on the state of email transport security. This blog post explains how such an attack is performed and why there is no simple “patch” for it.

Phishing is a social-engineering attack where the attacker entice his victims to give-up their credentials for a given website by impersonating it. Believe it or not phishing campaigns are well organized and follow a very strict playbook. This post aim at shedding some light on how phishing campaign works under the hood, showcase which infrastructure phishers use to steal users credentials and provide advice on how to defend against it.

May 2015

To help Hearthstone players keep track of complex effect outcomes and improve their game play, I created a set cheat sheets. Each sheet cheat provided detailed statistics for a given card that trigger a complex effect such as the piloted shredder “summon a 2-mana cost minion.”

April 2015

To celebrate the new Hearthstone extension, Blackrock Mountain, I’m releasing a Hearthstone 3D card viewer written in pure Javascript. I feel Blackrock Mountain’s release is the perfect opportunity to showcase HTML5’s top notch performance and inspire more people to do cool visualizations on the web. With well over 500 cards, it’s high time to create a tool with powerful filtering and attractive visualization to explore the cards in an interesting fashion that works both on desktops and tablets. Hope you like it  :)

April 2015

19.5% of HTTPS-enabled sites in Alexa's Top 1 Million trigger or will soon trigger a Chrome security warning because they are using the now deprecated SHA-1 signature algorithm to sign their HTTPS certificate. Soon those sites will be flagged by all major browsers as insecure.

September 2014

I am a legend: Hacking Hearthstone with machine learning Defcon talk wrap-up: video and slides available but no tool. Here is why: The video and slides of our talk on how to use machine learning for Hearthstone are finally available for those who couldn’t come to Defcon. In our talk, Celine and I show how […]

August 2014

Is it possible to reliably predict what your opponent will play during a hearthstone game? Turnout the answer is yes you can use machine learning to predict what is in your opponent deck based on what he played earlier in the game.

August 2014

In this post, we will evaluate the mana cost of two cards with unique abilities: Edwin VanCleef and the Twilight drake.  We will see that VanCleef is clearly an undervalued card whereas the Twilight drake have a fair price. This is the third post on my serie on how to price Hearthstone cards.

Keep in touch with Elie's blog

Enter your email to receive new blog posts in your inbox

Elie Bursztein © 2016
About Me

Recent entries