Wednesday, July 2nd, 2008
Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the ...
Posted in Internet, Networking, Privacy, Security, Software
Monday, June 23rd, 2008
As I mentioned in my post on Cross Document Messaging, client-side cross-domain requests are an important area of interest for AJAX developers looking for ways to avoid expensive server-side proxying calls. While Cross Document Messaging is useful for allowing third-party components or gadgets embedded in a ...
Posted in Coding, Internet, Privacy, Security, Software
Wednesday, June 11th, 2008
The SIPVicious suite is a set of tools that can be used to audit SIP-based VoIP systems. It currently consists of four tools:
svmap - this is a SIP scanner. Lists SIP devices found on an IP range
svwar - identifies active extensions on a PBX
svcrack - an online password cracker for ...
Posted in Coding, Internet, Privacy, Security, Software
Tuesday, May 20th, 2008
This may seem painfully obvious to some people, but I looked around and couldn’t find a reference to it, so I apologize ahead of time to anyone who already knew this. When we normally think of how attackers use proxies, they are almost always just trying to hide their IP ...
Posted in Coding, Hardware, Internet, Networking, Privacy, Security
Sunday, May 11th, 2008
We received a report from Mike this afternoon about a couple of URLs containing a malicious JavaScript that pulls down a file associated with Zlob. If you do a Google search for these two URLs, you get about 400,000 sites that have a call to this JavaScript file included in ...
Posted in Internet, Privacy, Security
Thursday, May 1st, 2008
Security's rising star, Webroot, plans to offer web and malware filtering as a service to SMBs, the first vendor of any size to offer such a capability in subscription form.
The software-as-a-service (SaaS) model, which extends the email filtering service already offered by the company, will appeal to smaller ...
Posted in Internet, Privacy, Security, Software
Sunday, April 13th, 2008
Cybercriminals have created a global business with a supply chain every bit as organized and sophisticated as that of any legitimate business. The difference is that cybercrime takes advantage of unsuspecting consumers and insecure businesses to steal untold amounts of money.
According to security experts and spam fighters speaking at a ...
Posted in Internet, Privacy, Security
Friday, April 11th, 2008
Traditional IDS/IPS systems operate at the network level, usually plugged into a spanning port on a switch. I love this concept and think it should be part of any defense in depth strategy. The two primary weaknesses in these devices are (1) they cannot process encrypted streams and (2) they ...
Posted in Coding, Internet, Security
Wednesday, April 9th, 2008
Many schools, companies and organizations these days use Internet filtering software to block access to certain websites. However, for every one of these blocking tools, there is a workaround for savvy users who want to see the content. It's not that difficult to bypass MySpace filters and other similar ...
Posted in Internet, Networking, Privacy, Software