XSS and SQL injection
These attacks are not new, yet they are still very effective against web applications. Here is an article that discusses how to test for such vulnerabilities and how to mitigate them.
Tabnabbing
HTTPS Everywhere
Most websites support HTTPS but do not switch users to the more secure protocol when they visit their sites. The EFF and the Tor Project have collaborated to release a Firefox add-on to automatically redirect users' sessions to HTTPS.
Here I demonstrate a Google search prior to installing the plug-in. My search is transmitted over the Internet in cleartext. After installing the tool, my Google search is automatically secured over HTTPS. The tool has a default list of supported websites but offers the flexibility of adding your own URLs to be managed by it.
iPhone PIN bypass
Another reason to love "Lucid Lynx". A security researcher has discovered that Ubuntu 10.04 permits users to access data on an iPhone without needing to know the security PIN. Too bad I do not own an iPhone to test this myself.
Automated social engineering
Cool POC. It again demonstrates how humans are the weakest link in security. You can educate people and display warnings, but victims will still click on malicious links.