Skip to content

Category Archives: Web

Tabnabbing

On his website, Aza Raskin calls it Tabnabbing. Don’t miss the video there and the test web page. It is so simple and probably efficient with most users. Certainly another dangerous phishing attack.

Posted 04 July 2011 § Security Comments (0) ° Tagged: , , , ,

FFFjacking

FFFjacking is new web browser hacking technique discovered by  Roman Kümmel (aka .cCuMiNn.). Even though it requires a little of social engineering, it is quite dangerous. Yet another string to add to the bow.

Posted 03 June 2011 § Security Comments (0) ° Tagged: , , , , , , ,

How do you manage your passwords?

We all know that passwords sucks, that they are the nightmare of all administrators and security guys. So many hacks have been eased because the victims reused the same password everywhere : email account, forum, bank, critical systems… Sadly, so far, there is even not the beginning of a replacement solution. Passwords will be there [...]

Posted 17 April 2011 § Admin § Cracking § Defense § Desktop § Linux § openSUSE § Security § System Comments (4) ° Tagged: , , ,

Cloud in the security sky or should I see a psychologist?

The “cloud” is a buzz word that has been around for months. The marketing guys are pushing it so hard that every IT guy will hear of that at work soon or later. Taking a decision whether to use it or not requires some deep knowledge, because if its pros are clear – you can [...]

Posted 05 February 2011 § Security Comments (0) ° Tagged: , , , , ,

Microsoft’s Zozzle, Javascript malware detector

In an effort to detect malicious Javascript code, Microsoft is developing a tool named Zozzle, aimed to be embedded into the Javascript engine of a browser. The authors claim that it is both fast and efficient with a very low rate of false positive. Here is the report for more details.

Posted 01 February 2011 § Defense § Security Comments (0) ° Tagged: , , ,

Mitigating Slow HTTP DoS Attacks

Interesting article on the latest Apache and ModSecurity techniques to prevent DoS HTTP attacks. The attacks are well explained. I personally knew about Slowloris but didn’t about RUDY and post attacks.

Posted 24 November 2010 § Defense § Firewalling Comments (0) ° Tagged: , , , , ,

OpenID rants

After I tried to set this blog as my own OpenID provider using the OpenID WordPress plugin, I got a weired error message: “This is an OpenID Server, Nothing to See Here… Move Along” I could not find what as wrong, as all prerequisites were fulfilled, until I find this nice post. The patch there [...]

Posted 23 July 2010 § News § Security § Web Comments (0) ° Tagged: , , , ,

Books review

I just finished reading two electronic books I bought from O’reilly. Here is a short review on them. Hacking: the next generation The purpose of this book is to give to the readers an overview of the most common attacks nowadays. It covers all fields : social engineering, web attacks, networking, etc. It was easy [...]

Posted 16 May 2010 § Defense § Hacking § Privacy § Security Comments (0) ° Tagged: , , ,