Hackers “are learning that it’s not so easy to write secure code,” Toro says. “Most of us in the business of securing our applications and systems know that bulletproofing software is an
extremely expensive and exhaustive undertaking. Malware creators who have to look to their own defences would have to slow down the production of new attacks.”
FYI, if you want to know what it looks like when you hack a hacker, look no further than the seminal 1995 film Hackers.
Very interesting - both technically as well as looking into the moral justifications the botnet operator provides. But equally interesting is the discussion on Hacker News: http://news.ycombinator.com/item?id=3960034. Especially the discussion on the Verified
by Visa (3D Secure) system and how the goal is basically to move liability onto the consumer and off of the merchant or credit card company.
2010 Jul 5, 4:23
Cross-site scripting attack on YouTube over the weekend: "That turned out to be as simple as using two script tags in a row (<script><script>fun scripting stuff goes here!), as noted by F-Secure researcher Mikko H. Hypponen on Twitter—the first of the two tags would get stripped, and the second was allowed through."
Tags: technical, youtube, security, cross-site-scripting, javascript
2010 Jun 25, 2:58
"... all you need to do is specify the /W switch and the file or folder you want to overwrite—after you have already deleted it. cipher /W:C:\Path\To\Folder"
Tags: technical, cmd, privacy, security, windows, cipher, delete
2010 Jun 20, 1:18
Protocol for doing distributed commenting, implemented by Google Buzz! "This document defines a lightweight, robust, and secure protocol for sending unsolicited notifications — especially comments and responses on syndicated feed content — to specified endpoints; along with rules to enable resulting content to itself be syndicated robustly and securely."
Tags: comment, blog, atom, rss, google, buzz, salmon, reference, specification, protocol, syndication, technical
2010 May 6, 7:16
"Today web gadgets, mashup components, advertisements, and other 3rd party content on websites either run with full trust alongside your content or are isolated inside of IFrames. As a result, many modern web applications are intrinsically insecure, often with unpredictable service quality. Live Labs Web Sandbox addresses this problem."
Tags: web, browser, web-sandbox, technical, javascript, html, windows, live, security, sandbox, microsoft, silverlight
2009 Dec 8, 12:02
"This illustration, from the September 10, 1910 New York Tribune, imagines the rooftop burglars of the future. 'BURGLARS LEARN TO HANDLE THE AEROPLANE WITH PRECISION AND SILENCE: Our artist takes a look into the future and foresees the time when roofs must be secured as carefully as any other part of the home.'"
Tags: humor, history, burglar, crime, newspaper, news
2009 Aug 21, 3:13
"At Black Hat USA 2009 and Defcon 17 Nathan Hamiel and Shawn Moyer introduced an attack called Dynamic Cross-Site Request Forgery (CSRF). This white paper discusses the attack and discusses several Dynamic CSRF attack vectors." Seems to require sites trying to secure CSRF scenarios using session IDs in their URLs.
Tags: security, csrf, research, browser, web, technical
2009 Jul 15, 10:48
"With a little help from Bill Gates (who secured the rights using personal funds), Microsoft is presenting a series of lectures on physics by Richard Feynman." The videos have subtitles, annotations and links.
Tags: richard-feynman, video, bill-gates, microsoft, research, physics, education, via:kottke
2009 Apr 23, 2:22
Review of MIME-sniffing-based XSS attacks with recommended protections for both web sites and browsers. Also, surprising to me since I rarely see it in this sort of paper, thoughts and stats on the compatibility effects of their recommended changes for browsers. Very happy to see that in there!
Tags: web, security, ie, browser, xss, sniff, mime, firefox, chrome, safari, html, html5
2008 Jul 24, 12:59
I love this poster but I can't believe it was really displayed by the London Metro. Amazing. Reads: "Secure Beneath the Watchful Eyes, CCTV & Metropolitan Police on buses are just two ways we're making your journey more secure."
Tags: poster, propaganda, london, england, cctv, art, bus, photo, flickr, privacy, security