SEARCH RESULTS
 
Showing 1-10 of 71 records
 
How a Classic Man-in-the-Middle Attack Saved Colombian Hostages

2008-07-10 01:00:00 by Bruce Schneier in Wired Security
 
...classic man-in-the-middle attack In a man-in-the-middle attack, the attacker inserts himself between two communicating parties. Both believe they're talking to each other, and the attacker can delete or modify the communications at will. The Wall Street Journal reported how this gambit played out in Colombia The plan had a chance of working...
 
 
 
 
 
Classic Closeouts retailer booted from TRUSTe program

2008-10-06 00:00:00 by HASH0x8b5a3c0 in Network World on Security
 
Online retailer Classic Closeouts has been expelled from the TRUSTe consumer-protection program due to inappropriate handling of unauthorized credit-card charges
 
 
 
 
 
Hacking Mifare Transport Cards

2008-08-07 06:07:02 by schneier in Schneier on Security
 
...Classic" chip, is used in hundreds of other transport systems as well Boston, Los Angeles, Brisbane, Oslo, Amsterdam, Taipei, Shanghai, Rio de Janeiro and as an access pass in thousands of companies, schools, hospitals, and government buildings around Britain and the rest of the world The security of Mifare Classic is terrible. This is not an...
 
 
 
 
 
Anton Security Tip of the Day #16: Virtually There - Journey Into VMWare ESX Log Analysis

2008-08-25 12:11:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...classic Linux root login message; you can watch for these by searching VMWare ESX logs for "session AND opened AND user AND root." Notice the user name of the user who switched to root May 30 09:20:34 esx2 sshd(pam_unix)[9364]: session opened for user jhonny by (uid=0 This is also a classic Linux message for a normal (non-root) user login...
 
 
 
 
 
Anton Security Tip of the Day #14: More accesslog Fun: What Are You Not GETting?

2008-03-12 13:35:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...classic it it dumb (and so dumb, it's a classic 10.10.123.226 - - [12/Feb/2008:03:46:54 -0800] " POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1" 404 - "-" "MSFrontPage/6.0 10.10.123.226 - - [12/Feb/2008:03:46:55 -0800] " OPTIONS / HTTP/1.1" 200 20210 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery It is probably one of...
 
 
 
 
 
Canadian farmer personal information on stolen CCGA laptop

2008-06-08 19:32:52 by Evan Francen in The Breach Blog
...classic "smash and grab Evan] Also classic as in another organization that either does not know how or is unwilling to properly secure confidential information The laptop has the bank account numbers and social insurance numbers of farmers who applied for Agriculture Canada's advance payments program, which is administered by the CCGA on...
 
 
 
 
 
The Business Case for WAFs + Testing

2008-06-19 18:09:06 by Bill in Grumpy Security Guy
 
...classic. Since it was in ASP classic it had massive numbers of SQLi vulnerabilities. Everything from Blind SQLi to the always fun SQL statements in the URL. The customer said this application was roughly 250,000 lines of code with SQL hardcoded throughout. The reason the customer had called WhiteHat is because they were working on a big deal...
 
 
 
 
 
Auditing open source software

2007-10-08 16:13:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...classic integer overflow condition and the bypass of the size check. A subsequent additional integer overflow in the allocation of a buffer leads to a heap-based buffer overflow gunzip . In September 2006, my colleague Tavis Ormandy reported some interesting vulnerabilities in the gunzip decompressor. They were triggered when an evil...
 
 
 
 
 
Setting file ACLs with PowerShell part 4

2007-11-29 09:34:00 by Keith Brown in Security Briefs
 
...classic sense of a compiler, it does have a feature that allows you to constrain the type of a variable whenever it's assigned a value. Here's an example a = 42 [Int32] $b = 42 $a = "this works just fine" $b = "this generates an invalid cast exception This syntax allows you to create type-constrained variables. Now when I assign an object to...