phpBB Downtime and Server Compromise

Tuesday, February 3rd, 2009

As you may already be aware from the message on phpBB.com or the topic in the #phpBB channel on Freenode, we have recently been attacked via a vulnerability in an outdated PHPList installation. The initial attack was performed well before a new version of the software was released or a ...

Windows RunAs Password Length Vulnerability

Monday, January 26th, 2009

The 'RunAs' application included with Microsoft Windows is prone to a local information-disclosure vulnerability that may reveal information about password lengths. A local attacker may exploit this issue to gain information about user passwords. This may aid in further attacks, such as brute-force or dictionary attacks against passwords. An attacker requires local, ...

Encryption programs open to kernel hack

Thursday, January 15th, 2009

Many popular Windows encryption programs that hide files inside mounted volumes could be fatally compromised by a new type of attack uncovered by a German researcher. According to a paper published by Bern Roellgen, who also works for encryption software outfit PMC Ciphers, such OTFE (on-the-fly-encryption) programs typically pass the password ...

Foxmarks Uses Vulnerable MD5 Certificates

Tuesday, January 13th, 2009

I decided to try the ever-popular Firefox plugin called Foxmarks that lets you sync and back up your bookmarks and passwords across multiple computers. I didn't feel comfortable using the password sync quite yet because it will take me a while to trust a 3rd party with that kind ...

Google’s Browser Security Handbook

Sunday, January 4th, 2009

This document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities. Although all browsers ...