Wednesday, April 30th, 2008
If you allow user-contributed content in your site, you run into the problem of dealing with user supplied HTML in a safe manner. The most secure way of dealing with things, of course, is to strip or escape all HTML from user input fields. Unfortunately, there are many situations where ...
Posted in Coding, Internet, Security | No Comments
Tuesday, April 29th, 2008
It's long been assumed that Microsoft has built in various "backdoors" for law enforcement to get around its own security, but now reader Kevin Stapp writes in to let us know that the company has also been literally handing out the keys to law enforcement. Apparently, they're giving out special ...
Posted in Hardware, Privacy, Security, Windows | No Comments
Tuesday, April 29th, 2008
The latest versions of fgdump and pwdump have been released by the foofus.net team. Looks like the most important change is that both tools support 64-bit targets. Here is the official announcement:
"The foofus.net team is pleased to announce updates to both fgdump (2.0.0) and pwdump (1.7.1), which incorporate a number ...
Posted in Coding, Linux, Privacy, Security | 1 Comment
Monday, April 28th, 2008
Wireless networking technologies are a rich playground for hackers -- both ethical penetration testers and malicious attackers. There are many avenues of attack, ranging from attacking the infrastructure, the clients, or the actual traffic through man-in-the-middle sniffing and manipulation. Rich Mogull covered the wireless “Evil Twin” attack in his recent ...
Posted in Hardware, Internet, Networking, Privacy, Security | No Comments
Monday, April 28th, 2008
The notorious Rock Phish gang has added a new twist to its phishing exploits that doesn’t require its victim to visit a malicious Website -- instead, it just loads a malicious keylogging Trojan onto the victim’s machine that steals information or credentials.
Both Trend Microand F-Secure over the past few days ...
Posted in Internet, Privacy, Security | No Comments
