Wednesday, June 4th, 2008
Recently Arshan Dabirsiaghi, Director of Research of Aspect Security, published a white paper entitled “Bypassing URL Authentication and Authorization with HTTP Verb Tampering”. Initially there was a lot of confusion about what exactly was being explained or claimed, including: is it real? Is it novel? Is it dangerous? What is ...
Posted in Coding, Internet, Privacy, Security | No Comments
Sunday, June 1st, 2008
XSS (Cross-Site Scripting) Very Much Alive and Kicking
We were about to investigate further the malicious activities related to banner82(dot)com/b.js, but the URL was already inaccessible around Tuesday. Soon enough the malicious script in www(dot)adw95(dot)com caught our interest. A rough survey of the sites compromised by this script reveals that the ...
Posted in Coding, Internet, Security | No Comments
Friday, May 23rd, 2008
A researcher has spotted a security problem in Facebook that could lead to hackers taking control of user accounts.
The flaw allows a hacker to execute scripts on Facebook that could potentially be used to create a fake log-in page and capture people's passwords, according to the XSSED security blog. The ...
Posted in Coding, Internet, Privacy, Security | No Comments
Tuesday, May 20th, 2008
Developers of the Firefox browser are designing new technologies aimed at protecting users from some of the nastiest and most prevalent forms of website attacks.
One protection is designed to minimize end users' risk to cross-site scripting (XSS) attacks and cross-site request forgeries (CSRFs), both of which subvert basic internet security ...
Posted in Coding, Internet, Privacy, Security | No Comments
Tuesday, May 20th, 2008
My favorite tech quote is from Giorgio Maone. It goes like this: If today’s malware mostly runs on Windows because it’s the commonest executable platform, tomorrow’s will likely run on the Web, for the very same reason. Because, like it or not, Web is already a huge executable platform, and ...
Posted in Coding, Internet, Privacy, Security | No Comments