Enterprise Wi-Fi Gets a Security Boost

Tuesday, May 19th, 2009

The Wi-Fi Alliance has expanded its WPA2 certification program to include a tool for secure handoffs between Wi-Fi and 3G networks, as well as an authentication system that uses multiple secured tunnels. WPA2 (Wi-Fi Protected Access 2) is the most advanced security standard for Wi-Fi. The WPA2 certification program already included ...

Improving Security with URL Rewriting

Thursday, April 9th, 2009

Most web application security experts frown on the practice of passing session or authentication tokens in a URL through the use of URL rewriting. Usually these tokens are passed between the server and the browser through HTTP cookies, but in cases where users configure their browsers to not accept cookies, ...

Twitter closes SMS spoofing hole

Friday, March 6th, 2009

Twitter, the micro-blogging site, has closed an SMS spoofing security hole which, until Wednesday night, left accounts open to being hijacked. The vulnerability was due to an authentication weakness that allowed anyone who knew a user's mobile number to spoof their messages, provided that the user's mobile number was set ...

GMail Service CSRF Vulnerability

Tuesday, March 3rd, 2009

Gmail is Google's "free webmail service. It comes with built-in Google search technology and over 2,600 megabytes of storage (and growing every day). You can keep all your important messages, files and pictures forever, use search to quickly and easily find anything you're looking for, and make sense of it ...

Twitter Security Collapses

Monday, January 5th, 2009

Days after a wave of phishing attacks fooled thousands of Twitter users, it appears that another security hole has been found by...someone. Obama's account, unused since election day, sent out an affiliate link to a survey with a gas card prize, Fox News said that "Bill O'Reily is gay" (not ...