Thursday, May 1st, 2008
I am pretty sure that there are a number of you out there reading this blog over a wireless network. Given that wireless is so widely distributed these days, its not uncommon that users are unaware of how insecure their wireless setup maybe.
Unfortunately one other reality is that a number ...
Posted in Hardware, Internet, Privacy, Security, Software | No Comments
Wednesday, April 30th, 2008
This paper will help you configure your web browser for safer internet surfing. It is written for home computer users, students, small business workers, and any other person who works with limited Information Technology (IT) support and broadband (cable modem, DSL) or dial-up connectivity. Although the information in this document may ...
Posted in Internet, Linux, Privacy, Security, Windows | No Comments
Wednesday, April 30th, 2008
If you allow user-contributed content in your site, you run into the problem of dealing with user supplied HTML in a safe manner. The most secure way of dealing with things, of course, is to strip or escape all HTML from user input fields. Unfortunately, there are many situations where ...
Posted in Coding, Internet, Security | No Comments
Monday, April 28th, 2008
Microsoft has provided security advice to web developers using its products after many such sites were compromised. Last week, hundreds of thousands of web pages were infected with a malicious iframe which tries to infect visitors with a trojan. Many high profile sites including the United Nations (un.org), the UK ...
Posted in Internet, Security | No Comments
Saturday, April 26th, 2008
How can an attacker exploit a PL/SQL procedure that doesn’t even take user input? Or how does one do SQL injection using DATE or even NUMBER data types? In the past this has not been possible but as this paper will demonstrate, with a little bit of trickery, you can ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Saturday, April 26th, 2008
WordPress 2.5.1 came out recently. It includes a critical security fix for a cookie integrity bug that would allow an attacker to impersonate other users, including WordPress admins, by manipulating the contents of an HTTP cookie. Whenever I read about a vulnerability predicated on the user identity being embedded ...
Posted in Coding, Internet, Privacy, Security, Software | 1 Comment
Friday, April 25th, 2008
A remote vulnerability exists in the QuickTime player for Windows XP and Vista (latest service packs). Other versions are believed to be affected as well. For now, no details will be released regarding the method of exploitation.
Because we are an information security think tank and because we encounter some very ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Thursday, April 24th, 2008
The Internet is slowly inching closer to ratcheting up the security of its Domain Name System (DNS) server architecture: The Internet Corporation for Assigned Names and Numbers (ICANN) plans to go operational with the secure DNS technology, DNSSEC, later this year in one of its domains.
ICANN officials said the organization ...
Posted in Internet, Privacy, Security | No Comments
Thursday, April 24th, 2008
Dating back to the end of February, we have been tracking test runs of malicious PDF messages to very specific targets. These PDF files exploit the recent vulnerability CVE-2008-0655.
Ever since the end of March, beginning of April, the amount of samples seen in the wild has significantly increased. Interestingly enough, ...
Posted in Internet, Privacy, Security, Software | No Comments
Thursday, April 24th, 2008
There's another round of mass SQL injections going on which has infected hundreds of thousands of websites.
Performing a Google search results in over 510,000 modified pages.
Posted in Coding, Internet, Security | No Comments
