secure - Dave's Blog


Tweet from emily schechter

2016 Sep 8, 1:12
in Chrome 56, we'll mark HTTP pages with password or credit card form fields as "not secure". turn on HTTPS before! https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html 

Tweet from Philip II

2016 Jun 9, 9:01
Silly Queen Elizabeth thinks her nation secure from our Spanish Armada. We will soon see @lizbet1533 in chains. No naval power. Sad!

Retweet of FxSiteCompat

2016 Jan 27, 7:44
#Firefox 46 Developer Edition is out! Non-HTTPS pages w/ login form are now marked insecure https://www.fxsitecompat.com/versions/46/  pic.twitter.com/o2WZ6K2KxN

Retweet of ivanristic

2015 Feb 26, 2:45
Blink browser engine: "Intent to deprecate: Insecure usage of powerful features" https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/2LXKVWYkOus/gT-ZamfwAKsJ … < Pushing toward more HTTPS

On exploiting security issues in botnet C&C...

2014 Jun 23, 4:26


On exploiting security issues in botnet C&C software:

Hackers “are learning that it’s not so easy to write secure code,” Toro says. “Most of us in the business of securing our applications and systems know that bulletproofing software is an extremely expensive and exhaustive undertaking. Malware creators who have to look to their own defences would have to slow down the production of new attacks.”

FYI, if you want to know what it looks like when you hack a hacker, look no further than the seminal 1995 film Hackers.

Tags: technical security

IAmA a malware coder and botnet operator, AMA (reddit.com)

2012 May 11, 10:19

Very interesting - both technically as well as looking into the moral justifications the botnet operator provides. But equally interesting is the discussion on Hacker News: http://news.ycombinator.com/item?id=3960034. Especially the discussion on the Verified by Visa (3D Secure) system and how the goal is basically to move liability onto the consumer and off of the merchant or credit card company.

Tags: technical security botnet credit-card

Malware Signed With a Governmental Signing Key - F-Secure Weblog : News from the Lab

2011 Nov 16, 12:19

“It’s not that common to find a signed copy of malware. It’s even rarer that it’s signed with an official key belonging to a government.”

Tags: technical ssl

Porn pranksters have a field day with YouTube injection flaw

2010 Jul 5, 4:23

Cross-site scripting attack on YouTube over the weekend: "That turned out to be as simple as using two script tags in a row (<script><script>fun scripting stuff goes here!), as noted by F-Secure researcher Mikko H. Hypponen on Twitter—the first of the two tags would get stripped, and the second was allowed through."

Tags: technical youtube security cross-site-scripting javascript

How Secure Is My Password?

2010 Jun 30, 11:08

Come one and all from all over the web and tell me your password...

Tags: security javascript password tool

Securely Overwrite Files with a Built-in Command Line Trick

2010 Jun 25, 2:58

"... all you need to do is specify the /W switch and the file or folder you want to overwrite—after you have already deleted it. cipher /W:C:\Path\To\Folder"

Tags: technical cmd privacy security windows cipher delete

Draft: The Salmon Protocol

2010 Jun 20, 1:18

Protocol for doing distributed commenting and implemented by Google Buzz! "This document defines a lightweight, robust, and secure protocol for sending unsolicited notifications — especially comments and responses on syndicated feed content — to specified endpoints; along with rules to enable resulting content to itself be syndicated robustly and securely."

Tags: comment blog atom rss google buzz salmon reference specification protocol syndication technical

The Emperor’s New APIs: On the (In)Secure Usage of New Client-side Primitives

2010 May 6, 7:43

Covers case studies of insecure usage of HTML5 cross-document messaging and web storage.

Tags: html html5 web browser security technical webstorage research facebook google system:filetype:pdf system:media:document

WebSandbox - Microsoft Live Labs

2010 May 6, 7:16

"Today web gadgets, mashup components, advertisements, and other 3rd party content on websites either run with full trust alongside your content or are isolated inside of IFrames. As a result, many modern web applications are intrinsically insecure, often with unpredictable service quality. Live Labs Web Sandbox addresses this problem."

Tags: web browser web-sandbox technical javascript html windows live security sandbox microsoft silverlight

YouTube - The Lazy Programmer's Guide to Secure Computing

2010 Mar 23, 9:10

Laziness is a virtue in programming esp. wrt. security. Marc Stiegler gives a talk at Google on the topic.

Tags: via:kris.kowal programming security video google lazy

PDF Most Common File Type in Targeted Attacks - F-Secure Weblog : News from the Lab

2010 Mar 22, 8:40

PDF overtakes Word as targeted attack vector of choice.

Tags: security office adobe pdf word powerpoint microsoft technical statistics internet malware

Paleo-Future - Paleo-Future Blog - Burglars of the Future (1910)

2009 Dec 8, 12:02

"This illustration, from the September 10, 1910 New York Tribune, imagines the rooftop burglars of the future. 'BURGLARS LEARN TO HANDLE THE AEROPLANE WITH PRECISION AND SILENCE: Our artist takes a look into the future and foresees the time when roofs must be secured as carefully as any other part of the home.'"

Tags: humor history burglar crime newspaper news

Dynamic CSRF White Paper Posted — Portal

2009 Aug 21, 3:13

"At Black Hat USA 2009 and Defcon 17 Nathan Hamiel and Shawn Moyer introduced an attack called Dynamic Cross-Site Request Forgery (CSRF). This white paper discusses the attack and discusses several Dynamic CSRF attack vectors." Seems to require sites trying to secure CSRF scenarios using session IDs in their URLs.

Tags: security csrf research browser web technical

The Messenger Series - Microsoft Research

2009 Jul 15, 10:48

"With a little help from Bill Gates (who secured the rights using personal funds), Microsoft is presenting a series of lectures on physics by Richard Feynman." The videos have subtitles, annotations and links.

Tags: richard-feynman video bill-gates microsoft research physics education via:kottke

Secure Content Sniffing for Web Browsers or How to Stop Papers from Reviewing Themselves

2009 Apr 23, 2:22

Review of MIME sniffing based XSS attacks with recommended protections for both web sites and browsers. Also, surprising to me since I rarely see it in this sort of a paper, thought and stats on the compat. effects of their recommended changes for browsers. Very happy to see that in there!

Tags: web security ie browser xss sniff mime firefox chrome safari html html5

Secure Beneath The Watchful Eyes on Flickr - Photo Sharing!

2008 Jul 24, 12:59

I love this poster but I can't believe it was really displayed by the London Metro. Amazing. Reads: "Secure Beneath the Watchful Eyes, CCTV & Metropolitan Police on buses are just two ways we're making your journey more secure."

Tags: poster propaganda london england cctv art bus photo flickr privacy security
Creative Commons License. Some rights reserved.