SEARCH RESULTS
 
Showing 1-10 of 50 records
 
How a Classic Man-in-the-Middle Attack Saved Colombian Hostages

2008-07-10 01:00:00 by Bruce Schneier in Wired Security
 
...classic man-in-the-middle attack. In a man-in-the-middle attack, the attacker inserts himself between two communicating parties. Both believe they're talking to each other, and the attacker can delete or modify the communications at will. The Wall Street Journal reported how this gambit played out in Colombia. The plan had a chance of working...

Hacking Mifare Transport Cards

2008-08-07 06:07:02 by schneier in Schneier on Security
 
...Classic" chip, is used in hundreds of other transport systems as well (Boston, Los Angeles, Brisbane, Oslo, Amsterdam, Taipei, Shanghai, Rio de Janeiro) and as an access pass in thousands of companies, schools, hospitals, and government buildings around Britain and the rest of the world. The security of Mifare Classic is terrible. This is not an...

Anton Security Tip of the Day #14: More accesslog Fun: What Are You Not GETting?

2008-03-12 13:35:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...classic: it is dumb (and so dumb, it's a classic).

    10.10.123.226 - - [12/Feb/2008:03:46:54 -0800] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1" 404 - "-" "MSFrontPage/6.0"
    10.10.123.226 - - [12/Feb/2008:03:46:55 -0800] "OPTIONS / HTTP/1.1" 200 20210 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"

It is probably one of...

Canadian farmer personal information on stolen CCGA laptop

2008-06-08 19:32:52 by Evan Francen in The Breach Blog
...classic "smash and grab". [Evan] Also classic as in another organization that either does not know how or is unwilling to properly secure confidential information. The laptop has the bank account numbers and social insurance numbers of farmers who applied for Agriculture Canada's advance payments program, which is administered by the CCGA on...

The Business Case for WAFs + Testing

2008-06-19 18:09:06 by Bill in Grumpy Security Guy
 
...classic. Since it was in ASP classic it had massive numbers of SQLi vulnerabilities. Everything from Blind SQLi to the always fun SQL statements in the URL. The customer said this application was roughly 250,000 lines of code with SQL hardcoded throughout. The reason the customer had called WhiteHat is because they were working on a big deal...

Auditing open source software

2007-10-08 16:13:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...classic integer overflow condition and the bypass of the size check. A subsequent additional integer overflow in the allocation of a buffer leads to a heap-based buffer overflow. gunzip: In September 2006, my colleague Tavis Ormandy reported some interesting vulnerabilities in the gunzip decompressor. They were triggered when an evil...

Setting file ACLs with PowerShell part 4

2007-11-29 09:34:00 by Keith Brown in Security Briefs
 
...classic sense of a compiler, it does have a feature that allows you to constrain the type of a variable whenever it's assigned a value. Here's an example:

    $a = 42
    [Int32]$b = 42
    $a = "this works just fine"
    $b = "this generates an invalid cast exception"

This syntax allows you to create type-constrained variables. Now when I assign an object to...

Links for 2007-12-20 [del.icio.us]

2007-12-21 00:00:00 by Editor in Anton Chuvakin Blog -
 
...classic CIA model is privacy. Privacy might superficially seem like a sub-topic under confidentiality, but privacy goes way beyond confidentiality. True, users' data must be protected, and data protection is part of privacy. High Tower Blogs > Security Insights Blog Archive: The Fortress Mentality. Intel Open Port: IT@Intel Blog: The Four Dirty...

STRIDE chart

2007-09-11 23:18:00 by sdl in The Security Development Lifecycle
 
...classic example, but going from a limited user to admin is also EoP. Update: fixed the table so it displays all four columns.

Dutch RFID Transit Card Hacked