Monday, August 11th, 2008
Say hello to a new security tool called “Surf Jack” which demonstrates a security flaw found in many public sites. The proof of concept tool allows testers to steal session cookies on HTTP and HTTPS sites that do not set the Cookie secure flag. I’ve been working with two banks ...
Posted in Internet, Linux, Networking, Privacy, Security, Windows | No Comments
Sunday, August 10th, 2008
A security researcher at the Defcon hacker conference in Las Vegas on Saturday demonstrated a tool he built that allows attackers to break into your inbox even if you are accessing your Gmail over a persistent, encrypted session (using https:// versus http://).
When you log in to Gmail, Google's servers will ...
Posted in Internet, Privacy, Security | No Comments
Sunday, August 10th, 2008
Microsoft is to release fixes for a dozen serious vulnerabilities next Tuesday, seven of them ranked critical. But the firm has also announced a three-stage process to reducing the effects of future vulnerabilities.Next week’s update (the regular ‘Patch Tuesday’ release which comes in the second week of each month) includes ...
Posted in General BS, Security, Windows | No Comments
Sunday, August 10th, 2008
At the Black Hat conference in Las Vegas on Thursday, Eric Filiol, the head scientist at the French Army Signals Academy's Virology and Cryptology Lab, explained how to steal data from a computer without a network connection.Filiol demonstrated what he called the Windows Jingle Attack, a method for encoding a ...
Posted in General BS, Security, Windows | No Comments
Sunday, August 10th, 2008
The big security news of Summer 2008 has been Dan Kaminsky's discovery of a serious vulnerability in DNS. This vulnerability could allow an attacker to redirect network clients to alternate servers of his own choosing, presumably for ill ends.This all led to a mad dash to patch DNS servers worldwide, ...
Posted in Internet, Linux, Networking, Privacy, Security, Software, Windows | No Comments
