Tuesday, June 3rd, 2008
Most malware tends to store stolen credentials and information in make-shift text files, which are then forwarded to the author via email or another protocol. However, the use of scalable and robust solutions is becoming more popular in the malware community. In fact, it is becoming increasingly popular for malware ...
Posted in Coding, Internet, Privacy, Security | No Comments
Sunday, June 1st, 2008
The videos from ShmooCon 2008 have hit the shelves. Go download them at:
http://www.shmoocon.org/2008/videos/
EDIT: As of the time of this post, some of the videos are incorrectly named. Here is the 1-> 1:
Correctly Named:
21st Century Shellcode for Solaris
Advanced Protocol Fuzzing - What We Learned when Bringing Layer2 Logic to SPIKE land
Backtrack ...
Posted in General BS, Security | No Comments
Thursday, May 29th, 2008
Web developer Aza Raskin knows we visit Digg, Del.icio.us, Reddit and Facebook without even having to ask.
No, he isn't employing privacy violating hackery, but he is exploiting a "cute" information leak in CSS that traditionally displays visited links differently than those that have yet to be visited. By loading in ...
Posted in Coding, Internet, Privacy, Security | No Comments
Monday, May 5th, 2008
Nowadays, who understands Di-Di-Di-Da-Da-Da-Di-Di-Dit (S.O.S., Save Our Souls)? Few people do, but your web browser just might. In his blog, security expert Nathan McFeters has reported the discovery of a cross-site scripting (XSS) vulnerability on an Italian website that allows attackers to inject malicious JavaScript encoded in Morse code in ...
Posted in Coding, Internet, Privacy, Security | No Comments
Wednesday, April 30th, 2008
If you allow user-contributed content in your site, you run into the problem of dealing with user supplied HTML in a safe manner. The most secure way of dealing with things, of course, is to strip or escape all HTML from user input fields. Unfortunately, there are many situations where ...
Posted in Coding, Internet, Security | No Comments
