Sunday, May 11th, 2008
We received a report from Mike this afternoon about a couple of URLs containing a malicious JavaScript that pulls down a file associated with Zlob. If you do a google search for these two URLs, you get about 400,000 sites that have a call to this Javascript file included in ...
Posted in Internet, Privacy, Security | No Comments
Sunday, May 11th, 2008
Inspired by a comment on Ajaxian, I killed another afternoon or two making a small library capable of reading EXIF data from JPEG images, figuring I would at least learn a bit about EXIF and the JPEG (and TIFF) image formats.
Before we start, a small disclaimer. I'm somewhat of a ...
Posted in Coding, Internet, Privacy, Security | No Comments
Wednesday, May 7th, 2008
Yahoo is to start flagging links to sites that may contain dangerous content. Google has been warning users if a potentially dangerous website is behind the link in the list of hits displayed for some time now. Yahoo is following suit by marking websites that could possibly infect visitors with ...
Posted in Internet, Security, Software | No Comments
Monday, May 5th, 2008
Nowadays, who understands Di-Di-Di-Da-Da-Da-Di-Di-Dit (S.O.S., Save Our Souls)? Few people do, but your web browser just might. In his blog, security expert Nathan McFeters has reported the discovery of a cross-site scripting (XSS) vulnerability on an Italian website that allows attackers to inject malicious JavaScript encoded in Morse code in ...
Posted in Coding, Internet, Privacy, Security | No Comments
Monday, May 5th, 2008
Today I decided to give a very brief example on pharming and why it's so easy to pharm surfers with little or no skills. Usually, browser exploit writers give simple examples on how to read the boot files, or launch a calculator. There is so much you can do with ...
Posted in Coding, Internet, Privacy, Security | No Comments
Wednesday, April 30th, 2008
If you allow user-contributed content in your site, you run into the problem of dealing with user supplied HTML in a safe manner. The most secure way of dealing with things, of course, is to strip or escape all HTML from user input fields. Unfortunately, there are many situations where ...
Posted in Coding, Internet, Security | No Comments
Sunday, April 27th, 2008
Many people are switching from Internet Explorer to alternative browsers such as Firefox and Safari. Though that might make them feel more secure, the shift has also opened new doors for bad guys.
Case in point: We have no IE bugs to report this month, but both Firefox and Safari have ...
Posted in Internet, Linux, Security, Windows | No Comments
Thursday, April 24th, 2008
There's another round of mass SQL injections going on which has infected hundreds of thousands of websites.
Performing a Google search results in over 510,000 modified pages.
Posted in Coding, Internet, Security | No Comments
Monday, April 21st, 2008
Almost everyone knows what CSRF or better unauthorized requests are. I never really embraced CSRF as the correct term for unauthorized request issues, because the term is outdated and inadequate to contemporary hacking. For me, an unauthorized request is the layer or automation of a hacking procedure without direct interference ...
Posted in Internet, Privacy, Security | No Comments
Thursday, April 17th, 2008
The SANS Institute has uncovered what they've termed a "rare gem" as far as computer security investigations go that sheds new light on how up to 20,000 Web sites have been hacked since January.
They found a sneaky software tool that uses Google's search engine to hunt for Web sites running ...
Posted in Coding, Internet, Security, Software | No Comments
