SEARCH RESULTS
 
Showing 1-10 of 14 records
 
Expand article

RSA Europe 2007 Trip Summary

2007-10-26 01:06:32 by Erik T. Heidt in Art of Information Security
 
...AJAX, are vulnerable to. Calebs presentations always mix static information with actual demonstrations of concepts. During this presentation he demonstrated a number of JavaScript application security faux pas A key thesis in the presentation was that Web 2.0 programing techniques, like AJAX, are dramatically increasing the attack surface of...
 
Tags: application security pitfalls, application, security, security theater, information security, software security errors, presentation, bruce, bruce schneier keynote
 
 
 
 
Expand article

DWR 2.0.5 Fixes XSS Vulnerability

2008-06-30 03:04:21 by Chris Eng in Zero in a bit
 
...Ajax implementation, download and install this update now As an aside, Ive been a fan of DWR for a while now, not only because of its ease of integration but also because it was the first Ajax framework to offer built-in CSRF protection. You could tell that Joe Walker was taking security seriously. For this particular vulnerability, I...
 
Tags: vulnerability, xss vulnerability, code, dwr, tiny code change, attack surface post, dwrs ajax implementation, ajax framework, saturday night
 
 
 
 
Expand article

Event Tracking Google Style

2008-07-22 19:46:05 by Tim Bass in The Complex Event Processing Blog
 
...AJAX widget or an audio player. In the old GA,webbies could track event-data as a pageview. However, becauseevent trackingusing crude pageviews is not very effective,GAaddednew functionality they refer to as Event Tracking There are 4 components in the GA events data model; Objects , Actions , Labels and Values . GA Objects are areas of web...
 
Tags: event, data model, events data model, track event-data, complex event, google, single event objects, model, objects
 
 
 
 
Expand article

Web 2.0 Attacks Revealed

2008-09-15 00:00:00 by Editor in Infosec Writers Latest Security Papers
 
...AJAX), Syndication, aggregation and notification of data in RSS or Atom feeds, mashups created by merging content from different sources. This paper also describes the security implications leading with the usage of web 2.0 technologies such as AJAX, RSS, and Mashups
 
Tags: web, paper, paper details, asynchronous java script, technologies, atom feeds, security concerns, mashups, ajax
 
 
 
 
Expand article

Our Blue Box Frappr map has grown to 315 member!

2007-11-30 10:17:43 by HASH0x896b698 in Blue Box: The VoIP Security Podcast
 
...AJAX-based Google maps to Flash-based Yahoo!Maps that took forever to load (and didn't show the world outside of North America). Today I randomly happened to look at it and found that Frappr's back to using Google Maps and that our map had grown to over 315 members! Very cool to see! If you haven't joined the map but are open to doing so, you...
 
Tags: frappr, frappr map, map, blue box, blue box skype, maps, google maps, email address versus, north america
 
 
 
 
Expand article

Our Blue Box Frappr map has grown to 315 member!

2007-11-30 11:16:31 by Dan York in Blue Box: The VoIP Security Podcast
 
...AJAX-based Google maps to Flash-based Yahoo!Maps that took forever to load (and didn't show the world outside of North America). Today I randomly happened to look at it and found that Frappr's back to using Google Maps and that our map had grown to over 315 members! Very cool to see! If you haven't joined the map but are open to doing so, you...
 
Tags: frappr, frappr map, map, blue box, blue box skype, maps, google maps, email address versus, north america
 
 
 
 
Expand article

New faces and predictions for the New Year...

2008-01-22 22:11:00 by sdl in The Security Development Lifecycle
 
...Ajax, Flash and Silverlight, so expect to see me blogging and speaking on these topics throughout the year Jeremy Dallman : Hi, Im Jeremy Dallman. Ive been at Microsoft since 2002 - starting in Windows Security on early versions of Vista. Shortly after Blaster, I was reassigned to the XP SP2 project and spent the next year as the project...
 
Tags: sdl team, team, sdl, sdl blog crew, cve, cve vulnerabilities, microsoft, single prediction, microsoft products
 
 
 
 
Expand article

Sexy Development Lifecycle

2008-01-30 01:37:00 by sdl in The Security Development Lifecycle
 
...Ajax apps, what have I really accomplished? I suppose that a few of those people might use my ideas to find vulnerabilities in the field, which is good. But security shouldnt start with the pentester after all, you cant test security into a product. Security should start with the developer, and then continue on with the tester, the pentester,...
 
Tags: developer security, developer security issues, security issues, developer, love developer cons, security, attend developer cons, developer cons, sdl
 
 
 
 
Expand article

The United Nations Serving Malware

The Article has images
2008-04-23 10:13:00 by HASH0x8b31c98 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Ajax.htm nihaorr1 .com/ Ms06014.htm nihaorr1.com/ Bfyy.htm nihaorr1.com/ Lz.htm nihaorr1.com/ Pps.htm nihaorr1.com/ XunLei.htm and finally serve the malware, by also taking us out of the point and loading another malicious IFRAME farm at gg.haoliuliang.net/one/ hao8.htm?036 (222.73.44.162 Scanners Result: 18/ 32 (56.25...
 
Tags: malware, attack, malware attack, anti-malware vendor, media malware gang, htm, nihaorr1, load nihaorr1, attack tactic
 
 
 
 
Expand article

Thinking out the box

2008-05-22 05:50:00 by Allen Baranov, CISSP in Security Thoughts
 
...AJAX (of course), Google Gears and Mozilla Prism. I'm sure that Microsoft and Yahoo etc all have their own versions of the above and there will probably be some small niche players too Keep all the above free (with advertising) and you get a very useful and smart Office Suite that allows for collaboration and features such as backup and...
 
Tags: information centric security, information, information security, manage information, information security guys, security, extreme web, web, data