Monday, April 21st, 2008 Almost everyone knows what CSRF, or better, unauthorized requests, are. I never really embraced CSRF as the correct term for unauthorized request issues, because the term is outdated and inadequate to contemporary hacking. For me, an unauthorized request is the layer or automation of a hacking procedure without direct interference ...
Posted in Internet, Privacy, Security | No Comments
Wednesday, April 16th, 2008 About one percent of the Internet web pages are being changed in transit, sometimes in a harmful way, according to researchers at the University of Washington. In a paper, set to be delivered Wednesday, the researchers document some troubling practices. In July and August they tested data sent to about 50,000 ...
Posted in Coding, Internet, Privacy, Security | No Comments
Tuesday, April 15th, 2008 Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to ...
Posted in Internet, Privacy, Security, Software | No Comments
Friday, April 11th, 2008 Up to 80% of Web sites flagged as malicious by antivirus and search engine indexes are legitimate businesses, according to security experts.
Experts said while the security industry is on top of conventional spam and phishing attacks, more effort needs to be put into preventing and eliminating so-called drive-by-downloads. The attacks allow ...
Posted in Internet, Security | No Comments
Friday, April 11th, 2008 Traditional IDS/IPS systems occur at the network level, usually plugged into a spanning port on a switch. I love this concept and think it should be part of any defense in depth strategy. The two primary weaknesses in these devices are (1) they cannot process encrypted streams and (2) they ...
Posted in Coding, Internet, Security | 2 Comments