Sunday, June 8th, 2008
OK gang, this is one of those rare moments where feedback from the community will directly influence a security feature that’ll make a real difference. First some background...
About 6 months ago Brandon Sterne left a cushy infosec position at eBay for Mozilla to solve an extremely important Web security problem he ...
Posted in Coding, Internet, Privacy, Security | No Comments
Wednesday, May 28th, 2008
Complexity is the enemy of security. Simple systems are inherently more secure than complex solutions. We see this idea validated again and again in security.
Unfortunately, our IT systems are getting more and more complex as we depend on technology to fuel business growth and innovation. But do we really need ...
Posted in General BS, Hardware, Internet, Linux, Networking, Privacy, Security, Software, Windows | No Comments
Wednesday, April 30th, 2008
If you allow user-contributed content in your site, you run into the problem of dealing with user supplied HTML in a safe manner. The most secure way of dealing with things, of course, is to strip or escape all HTML from user input fields. Unfortunately, there are many situations where ...
Posted in Coding, Internet, Security | No Comments
Wednesday, April 23rd, 2008
GNU’s wget command line program for downloading is very popular, and not without reason. While you can use it simply to retrieve a single file from a server, it is much more powerful than that and offers many more features.
One of the more advanced features in wget is the mirror ...
Posted in Coding, Internet, Linux | No Comments
Monday, April 21st, 2008
Almost everyone knows what CSRF, or better, unauthorized requests, are. I never really embraced CSRF as the correct term for unauthorized request issues, because the term is outdated and inadequate to contemporary hacking. For me, an unauthorized request is the layer or automation of a hacking procedure without direct interference ...
Posted in Internet, Privacy, Security | No Comments
Thursday, April 17th, 2008
The SANS Institute has uncovered what they've termed a "rare gem" as far as computer security investigations go that sheds new light on how up to 20,000 Web sites have been hacked since January.
They found a sneaky software tool that uses Google's search engine to hunt for Web sites running ...
Posted in Coding, Internet, Security, Software | No Comments
Wednesday, April 16th, 2008
About one percent of the Internet web pages are being changed in transit, sometimes in a harmful way, according to researchers at the University of Washington.
In a paper, set to be delivered Wednesday, the researchers document some troubling practices. In July and August they tested data sent to about 50,000 ...
Posted in Coding, Internet, Privacy, Security | No Comments
Monday, April 14th, 2008
Google on Friday said that it has been testing ways to index data that is normally hidden to search engine crawlers, a change that should improve the breadth of information available through Google.
The so-called "hidden Web" that Google has begun indexing refers to data beyond static Web pages, such as Web ...
Posted in Internet, Privacy | No Comments
Monday, April 14th, 2008
Security researcher Billy Rios has discovered a vulnerability in Google Spreadsheets which attackers can exploit using links to crafted tables to steal a user's cookie. According to Rios, the victim has to follow such a link in Internet Explorer. The stolen cookie can be used to access all Google services ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Monday, April 14th, 2008
As you will have noticed, we’ve posted quite a number of Fuzzing Tools built around different frameworks and in different languages, most for different targets/purposes too.
Fuzzing has definitely exploded in the last year or so as more people try and understand it and code tools to automate the process. There are ...
Posted in Internet, Privacy, Security | No Comments