SecurityRatty: tag: ugly

Diminutive XSS Worm Contest Drama and Status Update

2008-01-06 17:34:38 by RSnake in ha.ckers.org web application security lab

...ugly head once again. This was in regards to the diminutive XSS worm contest . One of my favorites was where I was being compared to arming people with nuclear weapons . Clearly, and admittedly most of these people have no background in the issue and have never read this site or the rest of sla.ckers, as there is lots of samples of existing...

Tags: browser companies, browser, browser security arena, code, people visit, people, worm code, diminutive xss worm, xss worm

Cached Malware Embedded Sites

2007-12-16 18:18:26 by HASH0x8a09e44 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...ugly attack tactic I have in mind is not just embedding the IFRAME, but embedding an obfuscated IFRAME that leads to the usual obfuscated exploit URL, which is what happend in the Consulate's case, an obfuscated IFRAME by itself

Tags: sites, sites wrongly, web sites, malware, malicious site, site, single site offers, sites notification services, popular sites

Combating Unrestricted Warfare

2007-12-15 09:08:23 by HASH0x8472308 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...ugly combination of Sun Tzu's 3D perspective on warfare in combination with guerilla approaches to achieve one of Sun Tzu's most insightful quotes - " One hundred victories in one hundred battles is not the most skillful. Seizing the enemy without fighting is the most skillful. " Here's a summary of the study Two senior PLA Air Force...

Tags: chinese information warfare, information, information warfare, warfare, cyber warfare unit, cyber warfare, asymmetric warfare, unconventional warfare, warfare employs surprise

Massive RealPlayer Exploit Embedded Attack

2008-01-07 18:58:52 by HASH0x89c7e1c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...ugly, what's most disturbing about it is the number of sites affected, which speaks for coordination at least in respect to having established the infrastructure for serving the exploit before the vulnerability became public One of our readers noted that there are a number of state government and educational sites that appear to have been...

Tags: exploit, realplayer exploit, uc8010 domain, domain, uc8010, exact exploit, attack uc8010, malware, malware exploitation kits

RBN's Fake Account Suspended Notices

2008-01-15 19:07:34 by HASH0x8b4a7ec in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...ugly puzzle picture appears thanks to everyone monitoring the RBN that is still 100% operational

Tags: media malware gang, malware gang, malware, rbn, exe, russian business network, actual operational department, fake account, network

Evil Silos

2008-01-24 15:42:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -

...ugly logs ), but this is a "bigger, better" evil :-): siloed approach to logs There is little that I hate more than siloed approach to logs. A situation when you have your security team "owning" network IDS logs, network team having firewall and router logs (as well as all SNMP traps) and, say, a sysadmins possessing (or, rather, ignoring!)...

Tags: network ids logs, logs, relevant logs, download logs, ugly logs, router logs, log management platform, log management, evil

Logging Poll #5 "Top Logging Challenges" Analysis

2008-02-08 11:06:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -

...ugly head via another popular response, Lack of log analysis tools , which made Top 5 responses Second , even though I didn't have any predictions about the #2 entry, but I was surprised: No way to effectively search all logs is a very close #2 (obviously, 1 vote is not statistically significant here). Indeed, log searching is an elusive...

Tags: enable log collection, log, log management, log analysis tools, collect logs, logs, log security, poll, log volume

Anti-Malware Vendor's Site Serving Malware

2008-02-12 20:31:18 by HASH0x8b333c4 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...ugly as you can see in the attached screenshot indicating a huge number of different malwares that were using ntkrnlpa.info as a connection/communication host in the past and in the present. I wonder would the vendor brag about their outbreak response time regarding the malware that come out of their site in times when malware authors are...

Tags: site, virut virus, virus, indian anti-virus site, malware, web site downloads, antivirus site, hackers, hackers seed malware

Wrapping up Threat Modeling

2008-02-14 22:51:35 by sdl in The Security Development Lifecycle

...ugly and inaccurate because our thoughts are foolish, but the slovenliness of our language makes it easier for us to have foolish thoughts. The point is that the process is reversible. Modern English, especially written English, is full of bad habits which spread by imitation and which can be avoided if one is willing to take the necessary...

Tags: threat, threat modelers, threat models, threat model, design, design specification, specification, set, challenges set people

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo