Monday, May 5th, 2008
Nowadays, who understands Di-Di-Di-Da-Da-Da-Di-Di-Dit (S.O.S., Save Our Souls)? Few people do, but your web browser just might. In his blog, security expert Nathan McFeters has reported the discovery of a cross-site scripting (XSS) vulnerability on an Italian website that allows attackers to inject malicious JavaScript encoded in Morse code in ...
Posted in Coding, Internet, Privacy, Security | No Comments
Wednesday, April 30th, 2008
This paper will help you configure your web browser for safer internet surfing. It is written for home computer users, students, small business workers, and any other person who works with limited Information Technology (IT) support and broadband (cable modem, DSL) or dial-up connectivity. Although the information in this document may ...
Posted in Internet, Linux, Privacy, Security, Windows | No Comments
Wednesday, April 30th, 2008
If you allow user-contributed content in your site, you run into the problem of dealing with user supplied HTML in a safe manner. The most secure way of dealing with things, of course, is to strip or escape all HTML from user input fields. Unfortunately, there are many situations where ...
Posted in Coding, Internet, Security | No Comments
Monday, April 14th, 2008
Many of the loopholes left in the code created for websites have been known about for almost a decade say the security researchers.
The poor practices are proving very attractive to hi-tech criminals looking for a ready source of victims.
According to Symantec the number of sites vulnerable in this way almost ...
Posted in Coding, Internet, Privacy, Security | No Comments
Monday, April 14th, 2008
Security researcher Billy Rios has discovered a vulnerability in Google Spreadsheets which attackers can exploit using links to crafted tables to steal a user's cookie. According to Rios, the victim has to follow such a link in Internet Explorer. The stolen cookie can be used to access all Google services ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Monday, April 14th, 2008
As you will have noticed we’ve posted quite a number of Fuzzing Tools built around different frameworks and in different languages..most for difference targets/purposes too.
Fuzzing has definitely exploded in the last year or so as more people try and understand it and code tools to automate the process. There are ...
Posted in Internet, Privacy, Security | No Comments
Wednesday, April 9th, 2008
The folks over at Darknet do a great job of pointing out interesting tools for use in penetration testing and web app security testing among other things. I won’t be duplicating their feed here, but when I see something that I want to test for myself, I will be posting ...
Posted in Coding, Internet, Linux, Privacy, Security, Software | No Comments
Wednesday, April 9th, 2008
A new version of Wfuzz is available, many improvements and fixes since first release which was in the middle of 2007. Fuzzing is definitely in, an article was posted recently about how everyone should keep on fuzzing! Will post it up soon.
Wfuzz is a tool designed for bruteforcing Web Applications, ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Tuesday, March 25th, 2008
You installed Firefox. How do you make it more secure for daily use? How do the Mozilla developers ensure that they are doing all the right things? How do you safely browse the Internet?
These are not easy questions to answer, and some of the answers will be system/OS-dependent.
Security functionality in ...
Posted in Internet, Linux, Privacy, Security, Software, Windows | No Comments
Monday, March 24th, 2008
Exploit-Me is a suite of Firefox web application security testing tools. Exploit-Me tools are designed to be lightweight and easy to use. Instead of using a proxy like many web application testing tools, Exploit-Me integrates directly with Firefox. It currently consists of two tools, one for XSS and one for ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
