Alik Levin

The world of a consultant from Microsoft

How To Hack WCF - New Technology, Old Hacking Tricks
First off, I'd like to thank Guy for his excellent screencast - very convenient, so thanks. Specifically, I liked the introductory screencast for WCF, which can be found here: http://blogs.microsoft.co.il/blogs/bursteg/pages/WCF-Introduction-Demo-_2800_ScreenCast_2900_.aspx It is dubbed in Hebrew, but the screens flip in such a logical way that someone who does not understand Hebrew will be fine - go for it - highly recommended for WCF newbies like me. My interest was to understand the pipeline that the...
Performance Gain - Security Risk
Consider the following ASPX page: Here is why it cannot be accessed: When trying to navigate there you get: Great, love URL authorization!! Now let's examine another ASPX page: When navigating to this page you surprisingly get this: The reason is that when using Server.Transfer, the request to the second page does not go through the whole ASP.NET pipeline, which includes the URL Authorization module. The security part is here: http://msdn2.microsoft.com/en-us/library/ms998375.aspx The performance part is here...
Overdoing Home Work Only Hurts
I recently presented the Security Engineering topic at an internal Microsoft convention to an international audience (see Back From Seattle - Another Breathtaking Microsoft Convention ) and it went really well until I ran into trouble while trying to connect to the compromised server using Terminal Services. The hack was about exploiting Dynamic SQL and an Over-Privileged Account to run the nasty xp_cmdshell extended stored procedure (turned off by default in SQL Server 2005 - run the SQL Service with the lowest possible...
Watch Out - Your Closest Friends Might Be Spying On You
From http://hosted.ap.org/dynamic/stories/T/TECH_TEST_NETWORKED_SPYCAM?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2007-02-08-16-15-46 “If you've ever wondered whether the neighbors are taking a dip in your pool while you're at work or how the baby sitter is really treating your kids, the LukWerks Spy Camera might be for you.” Now let’s run a different scenario - you get a cool present from your closest friend and you put it on your desktop. By doing so you just let your “closest friend...
Another One Is Totally Hacked. 70,000 Individuals Affected
From: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9009784&source=rss_topic82 January 30, 2007 (Computerworld) -- The Vermont Agency of Human Services (AHS) today started sending letters to about 70,000 individuals in the state warning them of a computer compromise that may have exposed their Social Security numbers and other personal data. But the AHS server that was hacked stored the data in unencrypted fashion, said Heidi Tringe, communications director...
Stop Wasting Your Time Comparing Who Has Bigger One...
It is not about the OS or development platform, but rather about what you do with it and how easily it can be done. Please read this: Security no matter what the OS. And then go for these, depending on who you are at the current moment: Home Users: IT folks: Developers: Cheers
Say, Got New Shiny Mobile Device? Get Ready To Be Hacked
http://www2.csoonline.com/blog_view.html?CID=28334 "The Tower Group, a research and advisory company focused on the financial services industry, believes that many mobile commerce offerings now emerging from the financial services sector "lack a reasonable and justifiable focus" on mobile security." Great!! We share our beliefs :) Cheers
Very, Very Scary Movie - No Kids Allowed!!
http://www.gnucitizen.org/blog/what-happens-to-your-computer-if-you-mispell-googlecom Still hesitating about Security Engineering? Did you read Gadi's blog? Read more: "The Non-Admin blog". And start thinking about how to protect your Web and WinForms apps from XSS. Cheers
Approximately US$1.2 Million, Has Been Stolen From The Scandinavian Bank - Jan 19, 2007
"The log-in system used by Nordea has been the target of much criticism during recent months. Users log in to their accounts using their date of birth, a standing four-digit security code and a one-time code." Building your own custom authentication system instead of using an industry-proven one is a recipe for the above. Here are some helpful resources: How To: Create GenericPrincipal Objects with Forms Authentication How To: Protect Forms Authentication in ASP.NET 2.0 How To: Use Authorization Manager...
Hackers Are Where the Money Is
This time it is a large retail chain which "suffered a massive computer breach on a portion of its network that handles credit card, debit card, check and merchandise transactions in the United States and abroad". The result: "Between eight and 10 Massachusetts banks have already had customers whose accounts were raided as a result of the breach." Building new retail software or supporting the current one? Security Engineering is your friend. Cheers
Strong Passwords
Although passwords are the weakest form of authentication, one can raise the security bar by creating strong passwords that are hard to crack. Here are some guidelines from Guidance Explorer for creating strong passwords: DO use a password with mixed-case letters. Use uppercase letters throughout the password. DO NOT just capitalize the first letter, but add uppercase letters throughout the password. DO NOT use a network login ID in any form (reversed, capitalized, or doubled) as a password. DO use a password...
Both Security Researchers and Hackers Interested in iPhone
Hackers looking forward to iPhone [ January 13, 2007 ] from Computerworld and More money for hacker and ... security specialists [ November 28, 2006 ] from me :) So, how about some Security Engineering practices? Cheers
I Thought Such Security Flaws Exist Only in Tales...
via: How not to write secure Web apps - and get to see Steve Jobs for Free! All the crypto and password logic was in client-side JavaScript? hmmmmm.... Here is how you DO write secure web apps. Cheers
It Is Still Not Clear How the Hackers Got Into the Systems
...said Michele Norin, director of the University of Arizona center for computing and IT. As a result of the breach: "The University of Arizona detected unauthorized access into computer systems on campus, which temporarily has affected some services in three areas. Those areas include Procurement and Contracting Services (PACS), the Student Union and University Libraries." I'll tell you how the hackers got into the system: on the host level I believe they could use the Metasploit project, compromising unpatched...
Full Disclosure
I was tagged by JD Meier as part of a blog-tag chain. So here is my full disclosure of 5 things about me: I was born in the Soviet Union (Da, Russian is my mother tongue). I speak Hebrew and English fluently, and learn French when stuck in a traffic jam listening to this disk. The first and last time I played such a pyramid game was when I was 13. I asked my father for ten rubles, put it in an envelope and sent it to some address hoping it would come back as 1000 rubles. It did not... I am a big fan of stouts like Guinness...