Entries Tagged as 'Security'
Greg Hoglund = Cory Feldman
July 30th, 2008 ·
Tags: Security
The Business Case for WAFs + Testing
June 19th, 2008 ·
Here is a real-world story about a customer of ours. This was a few years ago, and it was one of the key points in bringing the F5/Mod_security/WhiteHat integrated solution to market.
This customer had a massive application written in ASP classic. Since it was written in ASP classic, it had a massive number of SQLi vulnerabilities. Everything [...]
Tags: Security
When ISPs Attack!
June 19th, 2008 ·
Here is a scary story about a company, Nebuad (no link juice for you!), that performs a MITM attack, all in the name of better ads. Now, sniffing to get better data on your customers has been around for a while. In fact, I worked at a company that did this as part of our [...]
Tags: Security · web site security
Dude Don’t Hack My Coffee
June 17th, 2008 ·
As someone trying to get off the coffee train, I find the recent reports of vulnerabilities in network-connected coffee machines somewhat amusing. It seems some guy that has $2,900 to spend on a coffee maker (!!) also has the skillz to find a buffer overflow in it.
This type of thing is only going to increase [...]
Tags: Security
PCI 6.6 clarified
April 22nd, 2008 ·
Trey Ford has a good roundup of the new PCI 6.6 clarification in PCI 6.6 Information Supplement Released. All I have to say is well done to the PCI council! From my first pass it seems like it is pretty clear AND they understand the issues organizations are facing. I have a few nits, here [...]
Tags: Security · Security Industry
Your ID is worth $2
April 10th, 2008 ·
According to this story, your ID (if you are a US citizen) is now worth about $2. This is a pretty simple example of the laws of supply and demand hitting the ID market. The market appears to be flooded at the moment, thus costs are going down. It is interesting that EU IDs are [...]
Tags: Security
Mac Hacked in 2 Minutes, Apple is a lame patcher
March 27th, 2008 ·
At the CanSecWest conference Charlie Miller wins the PWN 2 OWN contest. I think these contests are kinda lame, as they do not prove much, other than that Charlie Miller was most likely sitting on a vulnerability waiting until the contest. I still think it is somewhat cool that there are people that are [...]
Tags: OS X · Security · Security Industry
FBI, CSRF and Jail: How to Get Someone Raided
March 20th, 2008 ·
This seems pretty scary. Apparently the FBI posted a link on some online forum that claimed to display kiddy porn. The story is here.
Upon reading this, the first thing that popped into my mind was CSRF (Cross-Site Request Forgery). Now, this is not classic CSRF, since CSRF generally implies I am exercising some functionality on [...]
Tags: Security · Security Industry · web site security
The Big Announcement
March 12th, 2008 ·
I’ve not been this pumped about something in a long time. Jeremiah actually has been pulling me into liking this idea for a very long time. I hated it at first. I mean, WAFs, bleh. Plus, I mean, didn’t we already try scanners + WAFs before? Oh yeah, the total train wreck that was AVDL. So one [...]
Tags: Security · Security Industry · web site security
5 Lessons on Public Disclosure From Eliot Spitzer
March 12th, 2008 ·
Regardless of what you think about now-former governor Spitzer and what he did, we can learn a lot from how he handled the public disclosure of his, err, “vulnerability”. Here are 5 lessons you can use if you ever find yourself involved in a public disclosure of a vulnerability on your web site or [...]
Tags: Security
