A collection of articles and posts pulled from some of our favorite bloggers across the Internet.
Latest From the Web

From the Web
The Chilling Effect
August 23, 2010 from: Rsnake's blog at ha.ckers.org
I feel like there are a lot of very talented people who will never get to see their day in the sun and as an unfortunate consequence of this vulnerability market some talentless people will...

Hill-Billies: A Case Study
August 18, 2010 from: Rsnake's blog at ha.ckers.org
With every major innovation the security community comes up with, the general public and vendors alike figure out a way to abuse that innovation or work around it to do what they originally wanted to do again - think firewalls and tunneling over port 80...

Removing Entropy From PHP Session IDs
August 15, 2010 from: Rsnake's blog at ha.ckers.org
There are a ton of sites these days that use load-balancers in front of them. There are a few ways they can be installed - completely transparent or acting more like a proxy. The proxy is the more common setup but it has one pretty huge negative side-effect: all the IP addresses come to the server as just one - the internal IP of the load balancer.

Petabytes On the Cheap
July 21, 2010 from: Rsnake's blog at ha.ckers.org
It turns out you can create a single chassis that contains around 67 terabytes in it for $7,867. That’s pretty incredible... It almost doesn’t make any cost sense to outsource your storage to the cloud with those cost savings.

Some Possible Insights into Geo-Economics of Security
July 21, 2010 from: Rsnake's blog at ha.ckers.org
Buying a certificate to allow for transport security is a good idea if you’re worried about man in the middle attacks. But when you’re in another country where the cost of running your website is a significant investment compared to the United States, suddenly the fees associated with the risks are totally lopsided...

Flash Camera and Mic Remember Function and XSS
July 19, 2010 from: Rsnake's blog at ha.ckers.org
Flash’s settings are very often scoped to the domain rather than the app. Although currently allowing Flash access to camera and microphone isn’t all that common, if it ever did become common, using XSS would be a pretty interesting tactic...

Oracle - July 2010 Critical Patch Update Released
July 14, 2010 from: The Oracle Global Product Security Blog
Oracle just released the July 2010 Critical Patch Update (CPUJul2010). This Critical Patch Update (CPU) is the second one to include fixes for the Oracle (formerly Sun) Solaris product line and includes 59 security updates

You Can Hack But You Can't Hide
July 10, 2010 from: Saumil's Infosec Blog
I thought this was a very interesting title for discussion, but the whole idea is to debate whether "you can" or "you can't hide". Now that the hackers around the globe have more sophisticated hack tools under their belt, spoofing your identity has become even easier than ever.

Full-Disclosure, Our Turn
July 06, 2010 from: Jeremiah Grossman's Blog
Vulnerabilities in websites happen, especially the ever pervasive Cross-Site Scripting (XSS). Essentially every major website has had to deal with XSS vulnerabilities published publicly or otherwise. This also includes security companies. No one is perfect, no website has proven immune, ours included. As experts in Web application security and specifically XSS, yesterday even we took our turn. W...

Security Alert for CVE-2010-0886 and CVE-2010-0887 Released
July 06, 2010 from: The Oracle Global Product Security Blog
Oracle just released a Security Alert to announce the availability of fixes for two vulnerabilities (CVE-2010-0886 and CVE-2010-0887) affecting Oracle Java SE and Oracle Java For Business. Both vulnerabilities only affect Java when running in a 32-bit web browser. These vulnerabilities are not present in Java running on servers or standalone Java desktop applications and do not impact any Oracle s...

Gmail Introduces Suspicious Activity Warning
July 05, 2010 from: Saumil's Infosec Blog
Recently, my Gmail account was hacked by some botnet which sent out e-mails to all my contacts asking them to check out a website. I only realized this when I checked my Gmail "Sent Mail" folder and had to immediately send a warning message to all my contacts telling them that my account was hacked and not to click on any links from my previous mails.

Using DNS to Find High Value Targets
June 16, 2010 from: Rsnake's blog at ha.ckers.org
With the impending release of Fierce 2.0 I thought I’d spend a minute talking about finding high value targets. I was working with a company in a specific vertical when I realized they use a very large single back end provider (essentially a cloud-based SaaS). But they aren’t the only large company using that SaaS - there are many hundreds of other companies using them as well.

CSRF Isn’t A Big Deal - Duh!
April 14, 2010 from: Rsnake's blog at ha.ckers.org
Did you hear the news? CSRF isn’t a big deal. I just got the memo too! There were a few posts pointing me to an article on the fact that CSRF isn’t that big of a deal. Fear not, I am here to lay the smack down on this foolishness. To be fair, I have no idea who this guy is, and maybe he’s great at other forms of hacking - web applications just don’t happen to be his strong ...

Mozilla Plans Fix for CSS History Hack
March 31, 2010 from: Rsnake's blog at ha.ckers.org
The CSS history hack is soon going to close. If you look at the original Bugzilla thread this is something that Mozilla had marked as a P1 bug since 2002. You heard me right, this P1 bug has been open for 8 years. And here we are, on the cusp of an actual fix.

Mozilla - Plugging the CSS History Leak
March 31, 2010 from: Mozilla Security Blog
From the Mozilla Security Blog - We’re close to landing some changes in the Firefox development tree that will fix a privacy leak that browsers have been struggling with for some time. We’re really excited about this fix, we hope other browsers will follow suit. It’s a tough problem to fix, though, so I’d like to describe how we ended up with this approach.

Durex condom orders exposed on the Internet
March 22, 2010 from: Office of Inadequate Security
Remember the Astroglide breach, when customers who ordered samples of the lubricant had their personal details exposed online? Now there are allegations that Durex condom orders were leaking on the web.