Tuesday, June 3rd, 2008
Access-Me allows users to test their web applications for authentication vulnerabilities. With this first release the user will be able to:
Resubmit the current page without session tokens
Resubmit the current page using different HTTP verbs (HEAD/SECCOM)
View reports on how the application handled the requests.
Access-Me 0.1 is available ...
Posted in Privacy, Security | No Comments
Sunday, June 1st, 2008
XSS (Cross-Site Scripting) Very Much Alive and Kicking
We were about to investigate further on malicious activities related to banner82(dot)com/b.js but the URL was already inaccessible around Tuesday. Soon enough the malicious script in www(dot)adw95(dot)com caught our interest. A rough survey of the sites compromised by this script reveal that the ...
Posted in Coding, Internet, Security | No Comments
Sunday, June 1st, 2008
The videos from ShmooCon 2008 have hit the shelves. Go download them at:
http://www.shmoocon.org/2008/videos/
EDIT: As of the time of this post, some of the videos are incorrectly named. Here is the 1-> 1:
Correctly Named:
21st Century Shellcode for Solaris
Advanced Protocol Fuzzing - What We Learned when Bringing Layer2 Logic to SPIKE land
Backtrack ...
Posted in General BS, Security | No Comments
Tuesday, May 20th, 2008
This may seem painfully obvious to some people, but I looked around and couldn’t find a reference to it, so I apologize ahead of time for anyone who already knew this. When we normally think of how attackers use proxies they are almost always just trying to hide their IP ...
Posted in Coding, Hardware, Internet, Networking, Privacy, Security | No Comments
Tuesday, May 20th, 2008
My favorite tech quote is from Giorgio Maone. It goes like this: If today’s malware mostly runs on Windows because it’s the commonest executable platform, tomorrow’s will likely run on the Web, for the very same reason. Because, like it or not, Web is already a huge executable platform, and ...
Posted in Coding, Internet, Privacy, Security | No Comments
