Articles in articles

Statistics from a phisher’s list
November 30, 2010 – 5:55 pm | 2 Comments

Last night I was following some security-related forums and someone posted a phishing kit for a popular bank from Romania. A phishing kit is a collection of scripts to help a script kiddie …

HTTP Post Denial Of Service: more dangerous than initially thought
November 22, 2010 – 8:47 pm | 17 Comments

Wong Onn Chee and Tom Brennan from OWASP recently published a paper* presenting a new denial of service attack against web servers.
What’s special about this denial of service attack is that it’s very hard to …

Notable changes in PCI DSS 2.0 affecting Web application security
November 18, 2010 – 9:26 pm | One Comment

“Clarification, additional guidance, and evolving requirements” – welcome to the new PCI standards! Hot off the press are the new PCI DSS and PA-DSS requirements which take effect January 1, 2011. So, if you work …

Application Security; Don’t get caught off guard with dangerous assumptions
November 9, 2010 – 8:56 pm | No Comment

Don’t get caught off guard. We hear that statement all the time with regards to information security. Sadly, as many businesses have experienced, such talk is cheap. Obviously no one wants their Web site to …

Preventing phishing attacks is not just a technical issue
October 26, 2010 – 8:13 pm | No Comment

A client of mine who’s a security administrator for a business in the financial industry contacted me recently about some odd behavior he was seeing on his network. Apparently numerous spidering/mirroring requests were being sent …

Internet Voting Trial Thwarted by Hackers
October 18, 2010 – 4:56 pm | No Comment

The District of Columbia recently attempted to give a number of people who live or work overseas the opportunity to cast their vote remotely. To do this, a secure e-voting website costing over $300,000 was built. On Tuesday, September 28, 2010, the first public trial run was launched. Thirty-six hours later the voting system was hacked by a student. It took nearly three days for D.C. officials to realize that their system was compromised. The trial was immediately suspended, and red-faced engineers and politicians scrambled to find out how this breach could possibly have happened.

Four skills that will make you a better Web security professional
October 14, 2010 – 9:24 pm | No Comment

People who are at the top of their games such as Formula One engineers, neurosurgeons, stunt pilots and so on have one thing in common: they all have finely-tuned technical skills. This is not just …

Why all the hoopla over the Twitter onMouseOver flaw?
September 27, 2010 – 8:21 pm | One Comment

The recent publicity and ranting about Twitter’s onMouseOver flaw* got me thinking about our perception of software quality and expectations of risk. Why is there no room for error when Twitter makes a mistake yet …

How to check if your application is vulnerable to the ASP.NET Padding Oracle Vulnerability
September 22, 2010 – 5:04 pm | 9 Comments

Everybody’s talking about the ASP.NET Padding Oracle vulnerability released a few days ago at the ekoparty Security Conference. However, until now there wasn’t enough information on how to check if your application is …

Why do so many people buy into “checklist” audits?
September 20, 2010 – 9:23 pm | One Comment

Probably my biggest pet peeve related to application security is the claim by many (typically management) that “We know we’re secure, we just had an audit”. I can’t tell you how many times I’ve seen …