Archive for the 'General' Category

XSS vs SQL injection

August 3, 2007

Sometimes I love to check trends.

[Image: XSS vs SQL injection trends]

August 2, 2007

There is some interesting discussion going on @ Slashdot about biometric identification.

From the comments:

“I hope this system includes some method to check whether the rest of the person apart from the face is present. Some poor Malaysian fellow has already lost a finger. I’d hate to have my head stolen just to access my bank account.”

Oh, yes, the story is “Using Face Recognition Instead of a PIN Number”.

Firefox vulnerability

July 30, 2007

“According to a message posted over the weekend on the Full-Disclosure mailing list, the latest version of Firefox contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw.”

Full text at

Comment from Slashdot

July 30, 2007

While reading Slashdot I came across the KisMAC Developer Discontinues Project article. It states that, because of a new German law, participation has become dangerous for the main people behind KisMAC, Michael Rossberg among them.

“Make everybody a criminal in theory, so it’s easier to suppress the general population.” – rolfwind

Is your pc virus free? Get it infected here!

July 17, 2007

Didier Stevens has done a great job with his AdWords experiment. He bought a cheap *.info domain, paid a couple of euros to Google for an “Is your pc virus free? Get it infected here” ad and counted the clicks.

This is seclog

July 17, 2007

As a computer security engineer my knowledge always has to be up to date. It involves lots and lots of reading. Every day I go through tons of RSS feeds and hundreds of security related news items. Not all of them are useful (at least for me), so before reading I have to scan the text and filter out articles that would be a waste of my time. Then there are news/articles/publications I am interested in, but which are important only for some time, or are useful but involve a lot of further research from my side; these are quite good, but not worth mentioning here. Finally there are brilliant pieces of writing I have found interesting/particularly useful/fun to read etc. and want to introduce to you.

As I am busy at my day to day job and research I’ll keep my posts as short as possible. Most of the time I will post some links or pointers to someone’s writings with a short review from my side.

As I am not a native English speaker, feel free to point out spelling errors or word misuse. Yes, and I’ll be more than glad to answer your emails – mr.seclog[here_goes_at]