XSS vs SQL injection

August 3, 2007

Sometimes I love to check trends.

(Image: XSS vs SQL injection)


Biometrics

August 2, 2007

There is an interesting discussion going on at Slashdot about biometric identification.

From the comments:

“I hope this system includes some method to check whether the rest of the person apart from the face is present. Some poor Malaysian fellow has already lost a finger. I’d hate to have my head stolen just to access my bank account.”

Oh, yes, the story is “Using Face Recognition Instead of a PIN Number”.


Researchers hack into electronic voting machines

July 31, 2007

“Computer scientists from California universities have hacked into three electronic voting systems used in California and elsewhere in the nation and found several ways in which vote totals could potentially be altered, according to reports released yesterday by the state.”

Read the full story at The New York Times.


Firefox 2.0.0.5 vulnerability

July 30, 2007

“According to a message posted over the weekend on the Full-Disclosure mailing list, the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw.”

Full text at linux.com.


Comment from Slashdot

July 30, 2007

While reading Slashdot I came across the article “KisMAC Developer Discontinues Project”. It states that, because of a new German law, participation has become dangerous for the main persons behind KisMAC, Michael Rossberg among them.

“Make everybody a criminal in theory, so it’s easier to suppress the general population.” – rolfwind


Spammer-X

July 24, 2007

Former spammer Ed, who also calls himself Spammer-X (his book), predicts the problem will only get worse, aided by consumers who still buy the products and by faster broadband speeds. Full article at Computerworld.


Interview with MPack developer

July 23, 2007

Here is an interview with one of the MPack developers. For those of you who don’t know, MPack is a malware distribution and attack kit sold commercially through underground channels on the Internet.

“How do you get the exploits for MPack? Do you buy them?

For our pack, there are two main methods of receiving exploits: The first one is guys sending us any material they find in the wild, bought from others or received from others; the second one is analyzing and improving public reports and PoC (proof-of-concept code).

We sometimes pay for exploits. An average price for a 0-day Internet Explorer flaw is $10,000 in case of good exploitation.”


Is your pc virus free? Get it infected here!

July 17, 2007

Didier Stevens has done a great job with his AdWords experiment. He bought a cheap *.info domain, paid a couple of euros to Google for an “Is your pc virus free? Get it infected here” ad and counted the clicks.


This is seclog

July 17, 2007

As a computer security engineer my knowledge always has to be up to date. It involves lots and lots of reading. Every day I go through tons of RSS feeds and hundreds of security related news items. Not all of them are useful (at least for me), so before reading I have to scan the text and filter out articles that would be a waste of my time. Then there are news/articles/publications I am interested in, but they are important only for some time, or are useful but involve a lot of further research from my side; these are quite good, but not worth mentioning here. Finally there are brilliant pieces of writing I have found interesting/particularly useful/fun to read etc. and want to introduce to you.

As I am busy with my day to day job and research, I’ll keep my posts as short as possible. Most of the time I will post some links or pointers to someone’s writings with a short review from my side.

As I am not a native English speaker, feel free to point out spelling errors or word misuse. Yes, and I’ll be more than glad to answer your emails – mr.seclog[here_goes_at]gmail.com.