SEARCH RESULTS
 
Showing 1-10 of 531 records
 

A Great Article on Open Source HTTP Load Testing

2008-08-24 22:07:21 by mcurphey in Mark Curphey - SecurityBuddha.com
 
Using free software for HTTP load testing T(c(r))rusty old Curl. Whatever happened to Elza
 
 
 
 
 

Google Spamming Us

2007-12-20 22:11:11 by RSnake in ha.ckers.org web application security lab
 
You know, we get some really odd traffic. Some of it good, some of it not so much. Let's take a look at some of Google's traffic since it's a slow day. If nothing else it's good for a laugh. First let's look at Google trying to hack us - XSS style: 66.249.73.40 - - [26/Nov/2007:01:53:58 +0000] GET /blog/?%22%3E%3Cscript%3Ealert(1)%3C/script%3E...
 
 
 
 
 

Moto Q9 DoS and Fingerprinting

2008-01-12 18:10:21 by RSnake in ha.ckers.org web application security lab
 
So I got a new smart phone, which has been highly entertaining when I'm stuck in airports, or waiting for meetings or whatever. It's a Moto-Q9. Boy is it sexy - lots of features, fairly fast. It kinda reminds me of what Windows95 used to be - usable but not fast. It has the new version of Microsoft's mobile operating system on there with direct...
 
 
 
 
 

Phishing Holes

2008-04-03 21:39:00 by sdl in The Security Development Lifecycle
 
Hi everyone, Bryan Sullivan here. Here's a quiz for you. Quick, tell me what page the following URL is going to take you to: http://www.somebank.com/welcome.aspx?p=http%3A%2F%2Fwww.somebank.com%2Flogin.aspx If you answered www.somebank.com/welcome.aspx, you're right. But if you answered www.somebank.com/login.aspx, you're also right. How can both of...
 
 
 
 
 

XSF & XSS: Double your pleasure, double your fun

2008-09-21 21:00:00 by Russ McRee in HolisticInfoSec.org
If you've read this blog, or those of my peers, you're likely quite familiar with cross-site scripting, and the problems associated with open redirect vulnerabilities. A vulnerability you may be less familiar with is cross-site framing, which largely couples the best of both above-mentioned vulnerabilities. What then, if there's a cross-site...
 
 
 
 
 

Anton Security Tip of the Day #14: More accesslog Fun: What Are You Not GETting?

2008-03-12 13:35:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
Following the tradition of posting a tip of the week (mentioned here, here; SANS jumped in as well), I decided to follow along and join the initiative. One of the bloggers called it "pay it forward" to the community. So, Anton Security Tip of the Day #14: More access log Fun: What Are You Not GETting? In this tip, we will look at some bizarre...
 
 
 
 
 

That thing you do keystroke dynamics

2007-02-19 17:00:11 by Perry Carpenter in Security Renaissance
 
For years, security professionals have known and been saying that passwords themselves are inadequate thus the need for two-factor (or stronger) authentication. However, multifactor authentication implementations are typically known to be costly (e.g. issuing tokens or biometric readers). Further, many companies report user push-back: some...
 
 
 
 
 

Zango's in your Face(book)

2008-01-03 21:23:00 by Russ McRee in HolisticInfoSec.org
 
The Zangonistas are at it again, this time deftly disguising their "software" as a Facebook Widget. Fortinet, who discovered the issue, discusses the "Secret Crush" widget at length, so no need to repeat their extensive effort. Instead, I'd like to offer a bit of analysis, then invoke a debate. ANALYSIS: I ran Setup.exe, as found in...
 
 
 
 
 

Redmondmag...I told you so!

2008-05-18 12:36:00 by Russ McRee in HolisticInfoSec.org
 
There is no more egregious an act of negligence committed by online vendors and businesses than ignoring notifications of vulnerabilities found in their applications. So when Dancho Danchev pointed out that Redmond Magazine had been SQL injected by Chinese Hacktivists, I was both appalled, yet not surprised. On January 29th, 2008 I informed 1105...
 
 
 
 
 

How Do I Get ISO27001 Certification?

2008-05-20 17:31:23 by Carsten Casper, Research Director in IT Leaders - Security and Risk Management
 
Everybody has heard of the international standard ISO 27001 (or at least of its U.K. predecessor, BS7799-2). Now, more and more people wonder: How do I get a certificate for my organization? While in some countries (such as the U.K. and Germany), it's more common to get a certificate, in the U.S. it's not. Well, there are two ways to approach...