
Articles by Sandro Gauci

Sandro has over 8 years' experience in the security industry and is focused on the analysis of security challenges and providing solutions to such threats. His passion is vulnerability research, and he has previously worked together with various vendors such as Microsoft and Sun to fix security holes. Sandro is the founder of EnableSecurity and author of the free VoIP security scanning suite SIPVicious (sipvicious.org). He can be contacted at sandro@enablesecurity.com.

Learning from other’s mistakes: Twitter Security
April 30, 2009 – 9:14 pm | One Comment

Unless you have been sleeping under a stone for the past four years then you must have heard about Twitter in some way or another. The original idea behind Twitter was to provide a social …

OpenX 2.6.4 vulnerabilities were identified with Acusensor
April 1, 2009 – 5:34 pm | No Comment

If you are making use of OpenX, the following update fixes a number of security flaws that were identified when we made use of Acunetix WVS with the Acusensor technology enabled. Released an advisory detailing …

When Google claims that “This site may harm your computer”
March 26, 2009 – 7:57 pm | 2 Comments

This warning does not refer to this particular site (Acunetix.com) but to quite a few websites out there. This is a notice that will show up when a Google search lists websites that are flagged …

A quick security analysis of Facebook’s Album Privacy
March 13, 2009 – 9:03 pm | 2 Comments

Most social networking sites have privacy options which allow users to share photo albums with selected people or groups. Such features encourage end users to upload possibly compromising photos, for example photos of last night’s …

How can low privilege bugs lead to a server compromise?
February 20, 2009 – 7:56 pm | One Comment

To address a large number of security concerns, it is often recommended that web applications make effective use of “the principle of least privilege“. The idea is that one should only grant the privileges on …

SQL injection sneaks into Kaspersky’s support website
February 10, 2009 – 5:44 pm | 2 Comments

The recent compromise of Kaspersky’s support database left the company with a bit of explaining to do. The hacker published a blog post on hackersblog detailing stunts with Kaspersky’s USA support website. Kaspersky also published their own account based on their log files and the hacker’s (nicknamed unu) blog post. The following is a summary of what happened and how such attacks can be prevented.

Embedded devices can be hacked through the web interface
January 28, 2009 – 5:50 pm | No Comment

Anyone who has tested even a small number of web configuration interfaces on embedded devices, such as managed routers, VoIP gateways and wireless routers, knows that these devices are notorious for web application vulnerabilities. It …

Image upload forms used to hijack websites
January 7, 2009 – 6:46 pm | 2 Comments

In the past days I came across a stimulating blog post titled “Dissecting a Multistage Web Attack that uses the recent IE7 0day”. The authors described how a vulnerable web application was then able to …

How can any web page log you off all other websites?
December 29, 2008 – 10:16 pm | 2 Comments

A recent post on “Full-Disclosure” mailing list referenced a web page called “Session Destroyer”. This web page is a demonstration by Kristian Erik Hermansen that promises to make logging off various popular websites very easy.
How …

Why upgrade PHP to 5.2.8? Part 2
December 19, 2008 – 11:07 pm | 2 Comments

To read part 1 of this article please refer to the previous post.
Note: a large number of vulnerabilities described in this post can be exploited to bypass safe_mode. It is not recommended to rely on …
