SEARCH RESULTS
 
Showing 1-10 of 86 records
 
Expand article

Open redirect vulnerabilities article - (IN)SECURE Issue 17

The Article has images
2008-06-26 10:18:00 by Russ McRee in HolisticInfoSec.org
I've written a comprehensive piece on the dangers of open redirects that's been published in Issue 17 of (IN)SECURE Magazine . Page 43 for your reading pleasure An open redirect is a vulnerability that exists when a script allows redirection to an external site by directly calling a specific URL in an unfiltered unmanaged fashion, which could be...
 
Tags: redirect, issue, redirect victims, malicious web sites, giant pet peeve, specific url, vulnerability, article, dangers
 
 
 
 
Expand article

University of Miami reports stolen tapes affecting patients

The Article has images
2008-04-25 15:34:41 by Evan Francen in The Breach Blog
Technorati Tag: Security Breach Date Reported 4/17/08 Organization University of Miami Contractor/Consultant/Branch Archive America Ltd Victims Medical patients that visited university medical facilities since January 1st, 1999 Number Affected more than 2 million" (2,000,000 According to the ComputerWorld report . The University of Miami...
 
Tags: personal information belongs, personal information, tapes, university, information, financial information, secure information services, data, usable data
 
 
 
 
Expand article

Moto Q9 DoS and Fingerprinting

2008-01-12 18:10:21 by RSnake in ha.ckers.org web application security lab
 
So I got a new smart phone, which has been highly entertaining when Im stuck in airports, or waiting for meetings or whatever. Its a Moto-Q9 . Boy is it sexy - lots of features, fairly fast. It kinda reminds me of what Windows95 used to be - usable but not fast. It has the new version of Microsofts mobile operating system on there with direct...
 
Tags: accept language, accept, devcap, devcap charset, devcap numsoftkeys, accept charset, devcap screenpixels, cell phone hacker, phone
 
 
 
 
Expand article

Blue Box SE#024: An Update on Blue Box, Upcoming Shows and A Request For Assistance

The Article has audio podcast
2008-03-07 13:07:24 by HASH0x8b4e67c in Blue Box: The VoIP Security Podcast
 
Synopsis: Special Edition #24: An Update on Blue Box, upcoming shows and a request regarding production assistance Welcome to Blue Box: The VoIP Security Podcast Special Edition #24, a 17-minute update on the status of Blue Box episodes, the shows we are attending and a request regarding production assistance Download the show here (MP3, 8MB) or...
 
Tags: blue box, blue box website, blue box episodes, blue box listeners, march, march 18th, march 12th, ietf, listeners
 
 
 
 
Expand article

Blue Box SE#024: An Update on Blue Box, Upcoming Shows and A Request For Assistance

2008-03-07 12:34:42 by Dan York in Blue Box: The VoIP Security Podcast
 
Synopsis: Special Edition #24: An Update on Blue Box, upcoming shows and a request regarding production assistance Welcome to Blue Box: The VoIP Security Podcast Special Edition #24, a 17-minute update on the status of Blue Box episodes, the shows we are attending and a request regarding production assistance Download the show here (MP3, 8MB) or...
 
Tags: blue box, blue box website, blue box episodes, blue box listeners, march, march 18th, march 12th, ietf, listeners
 
 
 
 
Expand article

Say When - Trusting Log Timestamps

2008-03-23 04:05:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
Am I a leading visionary in the field of log management ? :-) Who cares - I will now pontificate as if I am :-) It is about time: specifically, timing logs. As I said in my Log Trust and Protecting Logs from Admins posts, the issue of trust is critical in the logging world. After all, logs = accountability ; and the latter in unthinkable without...
 
Tags: logs, windows event logs, syslog files, syslog, define logs, syslog-ng, system logs, syslog daemon, time
 
 
 
 
Expand article

Auditing open source software

2007-10-08 16:13:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
Written by Chris Evans, Security Team Google encourages its employees to contribute back to the open source community, and there is no exception in Google's Security Team. Let's look at some interesting open source vulnerabilities that were located and fixed by members of Google's Security team. It is interesting to classify and aggregate the...
 
Tags: image, malicious image file, libtiff image, values, jpeg image, tiff header values, source, evil tiff file, evil
 
 
 
 
Expand article

Google Spamming Us

2007-12-20 22:11:11 by RSnake in ha.ckers.org web application security lab
 
You know, we get some really odd traffic. Some of it good, some of it not so much. Lets take a look at some of Googles traffic since its a slow day. If nothing else its good for a laugh. First lets look at Google trying to hack us - XSS style 66.249.73.40 - - [26/Nov/2007:01:53:58 +0000] GET /blog/?%22%3E%3Cscript%3Ealert(1)%3C/script%3E...
 
Tags: google, html http1, http1, html, google likes viagra, referrer spam, spam, google spam, con google
 
 
 
 
Expand article

The RSA Conference

2008-04-22 06:35:59 by schneier in Schneier on Security
 
Last week was the RSA Conference, easily the largest information security conference in the world. Over 17,000 people descended on San Francisco's Moscone Center to hear some of the over 250 talks, attend I-didn't-try-to-count parties, and try to evade over 350 exhibitors vying to sell them stuff Talk to the exhibitors, though, and the most...
 
Tags: non-security companies, companies, end-user security industry, security industry, information security conference, information security, automobile companies, security companies, security
 
 
 
 
Expand article

The RSA Conference

2008-04-22 06:35:59 by schneier in Schneier on Security