Category Archives: Web

Tabnabbing

On his website, Aza Raskin calls it Tabnabbing. Don’t miss the video there and the test web page. It is so simple and probably efficient with most users. Certainly another dangerous phishing attack.

FFFjacking

FFFjacking is new web browser hacking technique discovered by  Roman Kümmel (aka .cCuMiNn.). Even though it requires a little of social engineering, it is quite dangerous. Yet another string to add to the bow.

How do you manage your passwords?

We all know that passwords sucks, that they are the nightmare of all administrators and security guys. So many hacks have been eased because the victims reused the same password everywhere : email account, forum, bank, critical systems… Sadly, so far, there is even not the beginning of a replacement solution. Passwords will be there [...]

Cloud in the security sky or should I see a psychologist?

The “cloud” is a buzz word that has been around for months. The marketing guys are pushing it so hard that every IT guy will hear of that at work soon or later. Taking a decision whether to use it or not requires some deep knowledge, because if its pros are clear – you can [...]

Microsoft’s Zozzle, Javascript malware detector

In an effort to detect malicious Javascript code, Microsoft is developing a tool named Zozzle, aimed to be embedded into the Javascript engine of a browser. The authors claim that it is both fast and efficient with a very low rate of false positive. Here is the report for more details.

Mitigating Slow HTTP DoS Attacks

Interesting article on the latest Apache and ModSecurity techniques to prevent DoS HTTP attacks. The attacks are well explained. I personally knew about Slowloris but didn’t about RUDY and post attacks.

OpenID rants

After I tried to set this blog as my own OpenID provider using the OpenID WordPress plugin, I got a weired error message: “This is an OpenID Server, Nothing to See Here… Move Along” I could not find what as wrong, as all prerequisites were fulfilled, until I find this nice post. The patch there [...]

Books review

I just finished reading two electronic books I bought from O’reilly. Here is a short review on them. Hacking: the next generation The purpose of this book is to give to the readers an overview of the most common attacks nowadays. It covers all fields : social engineering, web attacks, networking, etc. It was easy [...]