A collection of articles and posts pulled from some of our favorite bloggers across the Internet.

Latest From the Web


From the Web

Hackers Use Custom PoS Malware to Target Retailers

March 31, 2016 from: SecurityWeek

A cybercriminal group has been using a custom-built point-of-sale (PoS) malware family to steal payment card data, which it sells on underground forums.

Mod_Security and Slowloris

December 10, 2010 from: Rsnake's blog at ha.ckers.org

After all the press around Wong Onn Chee and Tom Brennan’s version of a HTTP DoS attack, I think people started taking HTTP DoS a tad more seriously. Yes, there are lots of variants of HTTP based DoS attack, and I’m sure more tools will surface over time. The really interesting part is how both Apache and IIS have disagreed that it is their problem to fix. So we are left to fend for ourselves. ...

Cheating Part 2

December 07, 2010 from: Rsnake's blog at ha.ckers.org

It would have been fun to create a contest to see which strategies are the most effective in a bot on bot scenario. Is an all defensive strategy better, or an all offensive (always opportunistically taking the highest value word)? Or maybe a hybrid of both where you play defensively at some points or offensively when you know it’s better in the long run.

Cheating Part 1

December 01, 2010 from: Rsnake's blog at ha.ckers.org

I just thought I’d write a few vaguely amusing posts having just come back from Abu Dhabi (Blackhat) and Brazil (OWASP). A few weeks back my wife was having a rather fancy soiree work party that also had a casino night attached to it. I was pretty annoyed about the whole work party thing, having rarely had a good time at these things in the past. So immediately I start looking for ways to entert...

FireSheep

November 16, 2010 from: Rsnake's blog at ha.ckers.org

I [Rsnake] go back and forth on whether I think FireSheep is interesting or not. Clearly, it’s old technology re-hashed. But it is interesting not because it works, but that it surprises people that it works. We’ve been talking about these problems forever, and now companies are scrambling to protect themselves. I guess the threat isn’t real until every newbie on earth has access to the hack...

Website Security Statistics Report (2010) - Industry Benchmarks

November 08, 2010 from: Jeremiah Grossman's Blog

"How are we doing?" That's the question on the mind of many executives and security practitioners whether they have recently implemented an application security program, or already have a well-established plan in place. The executives within those organizations want to know if the resources they have invested in source code reviews, threat modeling, developer training, security tools, etc. are mak...

Cooling Down the Firesheep

November 06, 2010 from: Mozilla Security Blog

There have been a number of reports about a new Firesheep tool that exposes a weakness in website security, letting attackers snoop on people using public networks, steal their cookies, access their accounts and pose as them on sites such as Facebook and Twitter. While the developers chose to use the Firefox add-on API, the tool could have just as easily been written and distributed as a stand-alo...

Least Common Denominator

October 23, 2010 from: Rsnake's blog at ha.ckers.org

While at Bluehat Jeremiah got a question from someone (I believe he worked at Opera) saying that even something as simple as turning off third party cookies will break things like Yandex. Jer had an amusing response which was, “What’s that?” followed by, “So you’re telling me I need to be less secure because someone else wants to go to a site that I’ve never heard of?”

Performance Primitives

October 21, 2010 from: Rsnake's blog at ha.ckers.org

Intel, Mozilla and Adobe. How are these companies related, you may ask? Well all of them care about performance. A year or so ago I was hanging out with the Intel guys and they informed me that they have a series of low level performance primitives that they surface through APIs. At the time I wasn't quite sure what to make of it.

Obfuscated URLs within iframes

October 06, 2010 from: Mozilla Security Blog

Issue: There has been discussion today about a Firefox feature that warns users when a site’s URL is deceptive. When a Firefox user visits a site with a URL that might be deceptive (e.g. http://www.good.com@evil.com/), Firefox will stop the load and confirm with the user that they are really visiting the site they expected to visit (in this example, evil.com is the ...

HTTP Strict Transport Security

October 06, 2010 from: Mozilla Security Blog

A while ago, we talked about Force-TLS that lets sites say “hey, only access me over HTTPS in the future” and the browser listens. Well, this idea has been solidified into a draft spec for HTTP Strict Transport Security (HSTS) and we’ve landed support for it into our source tree. This means that HSTS will be shipped with Firefox 4, and will be deployed as soon as the next beta release.

Super Nuclear Worm Invades Kazakhstan

October 03, 2010 from: AEON Security Blog

When I first heard about Stuxnet, it made me shrug my shoulders just as much as I shrugged when hearing about Aurora – the “(un)Advanced Persistent Threat.” Outside from all the hype, the entire concept of “Stuxnet” being a “highly weaponized targeted” threat is way out of tune with reality. From everything I have read so far, everyone seems to be repeating what everyone else is repe...

Odds, Disclosure, Etc…

September 18, 2010 from: Rsnake's blog at ha.ckers.org

I went to Data Loss DB the other day and I noticed an interesting downward trend over the last two years. It could be due to a lot of things. Maybe people are losing their laptops less or maybe hackers have decided to slow down all that hacking they were doing. No, I suspect it’s because in the dawn of social networking and collective thinking, companies fear disclosure more than ever before.

Browser Differences, Minutia Et Al…

September 10, 2010 from: Rsnake's blog at ha.ckers.org

Browser security often turns into a religious war amongst technologists, instead of thinking about it pragmatically. What are the real motives of the companies that are developing the browsers? In most cases they care primarily about market share because market share makes them money (through search engine agreements, and so on).

The Effect of Snakeoil Security

September 10, 2010 from: Rsnake's blog at ha.ckers.org

Bad security isn’t just bad because it allows you to be exploited. It’s also a long term cost center. But more interestingly, even the most worthless security tools can be proven to “work” if you look at the numbers. Here’s how.

Prior Knowledge Of Users Cert Warning Behavior

September 02, 2010 from: Rsnake's blog at ha.ckers.org

One of the issues Josh and I talked about at Blackhat was how the SSL certificate warning message can be used to gain information about a user’s behavior and how that can be used against the user. Let’s say a man in the middle causes an error via proxying a well-known owner/subsidiary.
