Tuesday, July 1st, 2008
Blizzard's announcement of two-factor authentication for World of Warcraft is more significant than people realize.
Passwords are obsolete. They are broken. We all recognize this, yet we aren't quite ready to give up on passwords because we haven't an easy alternative.
World of Warcraft (WoW) is a good test case. It is ...
Posted in Gaming, Internet, Networking, Privacy, Security, Software | No Comments
Tuesday, July 1st, 2008
Italian researchers have published a paper on the Detection of Encrypted Tunnels across Network Boundaries. I came across it in a google search because I’ve been thinking of writing a program which does something similar. It doesn’t seem like anyone else has picked up on this research yet so I ...
Posted in Internet, Linux, Networking, Privacy, Security | No Comments
Monday, June 23rd, 2008
As I mentioned in my post on Cross Document Messaging, client side cross domain request is an important area of interest for AJAX developers looking for ways to avoid expensive server side proxying calls. While Cross Document Messaging is useful for allowing third party components or gadgets embedded in a ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Saturday, June 21st, 2008
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords ...
Posted in Internet, Linux, Networking, Privacy, Security, Software, Windows | No Comments
Friday, June 20th, 2008
It’s not rocket science, but any time we mingle and intertwine four or five different pieces of technology, there’s always the potential for a mess… or at least a misconfiguration or two along the way. Don’t know what 802.1X is? Check out the recent 802.1X technology primer.
If you’re planning to, ...
Posted in Hardware, Internet, Networking, Privacy, Security | No Comments
Wednesday, June 11th, 2008
SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. It currently consists of four tools:
svmap - this is a sip scanner. Lists SIP devices found on an IP range
svwar - identifies active extensions on a PBX
svcrack - an online password cracker for ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Wednesday, June 4th, 2008
Recently Arshan Dabirsiaghi, Director of Research of Aspect Security, published a white paper entitled “Bypassing URL Authentication and Authorization with HTTP Verb Tampering”. Initially there was a lot of confusion about what exactly was being explained or claimed. Including, is it real? Is it novel? Is it dangerous? What is ...
Posted in Coding, Internet, Privacy, Security | No Comments
Tuesday, June 3rd, 2008
Access-Me allows users to test their web applications for authentication vulnerabilities. With this first release the user will be able to:
Resubmit the current page without session tokens
Resubmit the current page using different HTTP verbs (HEAD/SECCOM)
View reports on how the application handled the requests.
Access-Me 0.1 is available ...
Posted in Privacy, Security | No Comments
Monday, June 2nd, 2008
If you own or work at a small to mid-sized business, and are presented with an error message about data synchronization or site maintenance when trying to access your company's bank account online, you might want to give the bank a call: A criminal group that specializes in deploying malicious ...
Posted in Internet, Privacy, Security | No Comments
Friday, May 30th, 2008
Students at the Ruhr University of Bochum, Germany, say they have found a way to steal security tokens in Microsoft's new CardSpace authentication framework. Attackers can apparently get access to protected, encrypted user data – such as passwords, credit card numbers, and delivery addresses – when they are transmitted. ...
Posted in Security, Windows | No Comments
