Tuesday, June 24th, 2008
The interception of Internet traffic to snoop on phone calls or track surfers' behavior is a hot topic -- but what's keeping members of ICANN's Security and Stability Advisory Committee up at night is the interception of traffic to and from sites that don't even exist. They explained why in ...
Posted in Internet, Security | No Comments
Tuesday, June 3rd, 2008
For a while now I’ve been using different web browsers to compartmentalize my risk. Most of my primary browsing is in one browser, but I use another for potentially risky activities I want to isolate more. Running different browsers for different sessions isolates certain types of attacks. For example, unless ...
Posted in General BS, Internet, Linux, Privacy, Security, Software | No Comments
Tuesday, June 3rd, 2008
Access-Me allows users to test their web applications for authentication vulnerabilities. With this first release the user will be able to:
Resubmit the current page without session tokens
Resubmit the current page using different HTTP verbs (HEAD/SECCOM)
View reports on how the application handled the requests.
Access-Me 0.1 is available ...
Posted in Privacy, Security | No Comments
Sunday, June 1st, 2008
XSS (Cross-Site Scripting) Very Much Alive and Kicking
We were about to investigate further on malicious activities related to banner82(dot)com/b.js but the URL was already inaccessible around Tuesday. Soon enough the malicious script in www(dot)adw95(dot)com caught our interest. A rough survey of the sites compromised by this script reveal that the ...
Posted in Coding, Internet, Security | No Comments
Wednesday, May 28th, 2008
Complexity is the enemy of security. Simple systems are inherently more secure than complex solutions. We see this idea validated again and again in security.
Unfortunately, our IT systems are getting more and more complex as we depend on technology to fuel business growth and innovation. But do we really need ...
Posted in General BS, Hardware, Internet, Linux, Networking, Privacy, Security, Software, Windows | No Comments
