Bit.ly boosts malware protection

Tuesday, December 1st, 2009

For the security-conscious, those shortened URLs on Twitter can be unnerving. After all, where is that shortened URL really taking you? This summer, security vendors documented how spammers and phishers were exploiting URL shortening services to try to trick users into visiting sketchy sites. On Monday, one URL shortening service ...

The Penetration Testing Marketplace in 2010

Tuesday, December 1st, 2009

Vulnerability assessment vendor Rapid7 has announced the first of a series of steps to integrate its penetration testing and vulnerability assessment scanning products. The first step is a module that allows users of the Metasploit Framework, which Rapid7 acquired in October, to natively import NeXpose scanner results and then take ...

DNS Rebinding – Explained

Tuesday, December 1st, 2009

Here is a great video from Robert "RSnake" Hansen explaining what DNS Rebinding actually is and showing various attacks that may be performed as a result of it. RSnake also explains what can be done to fix the problem and why it might not happen any time soon. DNS ...

Trojan demands money for internet access

Tuesday, December 1st, 2009

There's nothing new about Windows trojans resorting to a little blackmail, but Computer Associates has now observed a new twist: a trojan which blocks internet access until the user enters an activation code. This activation code is obtained by sending an SMS containing a particular number to an expensive ...

Clientless SSL VPN Vulnerability

Tuesday, December 1st, 2009

Web browsers enforce the same origin policy to prevent one site's active content (such as JavaScript) from accessing or modifying another site's data. For instance, active content hosted at http:///page1.html can access DOM objects on http:///page2.html, but cannot access objects hosted at http:///page.html. Many clientless SSL VPN products retrieve content ...