Hahaha, Ligatt Security, the coolest ad!!

Posted May 22nd, 2010. Filed under DotCom

Google or Big Brother?

Posted May 17th, 2010. Filed under DotCom

For several days it has been circulating on the internet that Google was collecting data sent over unsecured Wi-Fi networks using the Google Street View cars, and in the end they admitted it.

“According to Alan Eustace, senior vice-president of research and engineering at Google, some experimental code for sampling all categories of public broadcast WiFi data was included by mistake in the software used by the Street View cars.

“The project leaders did not want, and had no intention of using, payload data,” he said in a blog post.

As soon as Google became aware of the problem, the company stripped out the data and has begun consultations with regulators on how best to dispose of it, said Eustace.

“We are acutely aware that we failed badly here. We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake.”


And now let's believe it was a mistake 🙂

Source : http://www.computerweekly.com/Articles/2010/05/17/241242/Google-says-Street-View-cars-collected-WiFi-data-by.htm

Mozilla has released a plugin checker for the browser

Posted May 14th, 2010. Filed under DotCom


The people at Mozilla have shown many times how much they care about our security. I am a Mozilla user; I don't think I could use anything else, and I don't think I have any reason to (that doesn't mean I haven't installed something else, e.g. Google Chrome).
This time Mozilla came up with an interesting idea: they released a checker that verifies each installed plugin and offers updates for it.
You can see which plugins are vulnerable and need an update here: https://www.mozilla.com/en-US/plugincheck/
I'm curious how many of you use Mozilla, and which plugins need updates, or how many of them do.

Hackers: who are hackers?

Posted May 10th, 2010. Filed under DotCom


It is a bit old, but worth a look.

“Curador is an 18-year-old hacker from rural Wales who in the winter of 2000 stole an estimated 26,000 credit card numbers from a group of e-commerce web sites and posted the numbers on the web. After ex-hacker Chris Davis tracked him down, he was arrested on March 23, 2000, and charged under the United Kingdom’s computer crime statute.”

More here: http://www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/

We all know, or should know, what a DoS attack (Denial of Service attack) is, especially those of us who run servers or websites.
DoS attacks are used more and more; most often we hear about them like this: “dude, that guy flooded me”. It would have been nice if things stopped there, but unfortunately for those of us who run websites and servers it was not to be: more and more “botnets” are being built and used specifically for this. (In that case DoS becomes DDoS.)
Now that I have said a bit about DoS and DDoS, let's talk about RussKill, a web application that “deals” with this sort of thing. Despite being very simple (in terms of code), it is also very effective and hard to detect; RussKill even has a special option: Hide URL. It uses SYN flood and HTTP flood with spoofed IP addresses.
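The post names the two techniques RussKill uses, a SYN flood from spoofed addresses and an HTTP flood, but shows only screenshots. As an added example (not RussKill's code and not part of the original post), here is the defender's side: a small Python detector run over a constructed tcpdump-style capture and a constructed access log. The line formats, the 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 addresses (RFC 5737 documentation ranges) and the thresholds are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style line: "<ts> <src>:<sport> > <dst>:<dport> <flags>"
# Flags as tcpdump prints them: S = SYN, S. = SYN-ACK, . = ACK
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) (?P<src>[\d.]+):(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<flags>\S+)$"
)


def parse_packets(lines):
    """Yield a dict for every line matching the constructed format; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            p = m.groupdict()
            p["ts"] = float(p["ts"])
            yield p


def syn_flood_stats(lines, server):
    """Track handshake state per (client, port) for connections aimed at `server`.

    Returns (half_open, completed, distinct_half_open_sources)."""
    state = {}  # (client_ip, client_port) -> "syn" | "synack" | "established"
    for p in parse_packets(lines):
        if p["dst"] == server and p["flags"] == "S":
            state[(p["src"], p["sport"])] = "syn"
        elif p["src"] == server and p["flags"] == "S.":
            key = (p["dst"], p["dport"])
            if state.get(key) == "syn":
                state[key] = "synack"
        elif p["dst"] == server and p["flags"] == ".":
            key = (p["src"], p["sport"])
            if state.get(key) == "synack":
                state[key] = "established"
    half_open = [k for k, s in state.items() if s != "established"]
    completed = sum(1 for s in state.values() if s == "established")
    return len(half_open), completed, len({ip for ip, _port in half_open})


def is_syn_flood(lines, server, min_half_open=10, max_completion=0.2):
    """Flood if many handshakes stay half-open and few ever complete.

    Thresholds are assumptions for this example; tune them to the server's
    normal backlog and round-trip time."""
    half_open, completed, _src = syn_flood_stats(lines, server)
    total = half_open + completed
    return total > 0 and half_open >= min_half_open and completed / total <= max_completion


def looks_spoofed(lines, server):
    """Spoofed-source hint: nearly every half-open connection comes from a
    different address, and none of those addresses ever finishes a handshake."""
    half_open, _done, sources = syn_flood_stats(lines, server)
    return half_open > 0 and sources / half_open >= 0.9


def http_flood_sources(access_lines, window=1.0, threshold=50):
    """Constructed access log "<ip> <ts> <request>": return sources that sent
    more than `threshold` requests inside any `window` seconds (sliding window)."""
    per_src = defaultdict(list)
    for line in access_lines:
        src, ts, _request = line.split(" ", 2)
        per_src[src].append(float(ts))
    flagged = {}
    for src, times in per_src.items():
        times.sort()
        j = 0
        for i, t in enumerate(times):
            while times[j] < t - window:
                j += 1
            if i - j + 1 > threshold:
                flagged[src] = max(flagged.get(src, 0), i - j + 1)
    return flagged


def sample_packets():
    """Constructed capture: one real client plus 20 SYNs from 20 spoofed sources."""
    lines = [
        "1.000 10.0.0.5:40000 > 192.0.2.10:80 S",
        "1.001 192.0.2.10:80 > 10.0.0.5:40000 S.",
        "1.002 10.0.0.5:40000 > 192.0.2.10:80 .",
    ]
    for i in range(20):
        src, port = f"203.0.113.{i + 1}", 50000 + i
        lines.append(f"{2 + i * 0.01:.3f} {src}:{port} > 192.0.2.10:80 S")
        # the server answers every spoofed SYN; the forged address never ACKs
        lines.append(f"{2.001 + i * 0.01:.3f} 192.0.2.10:80 > {src}:{port} S.")
    return lines


def sample_access_log():
    """Constructed access log: one client at 60 requests per second, one at a normal rate."""
    lines = [f"198.51.100.7 {3 + i * 0.01:.2f} GET /index.php" for i in range(60)]
    lines += [f"10.0.0.5 {3 + i:.2f} GET /index.php" for i in range(3)]
    return lines


if __name__ == "__main__":
    print("SYN flood:", is_syn_flood(sample_packets(), "192.0.2.10"))
    print("spoofed sources:", looks_spoofed(sample_packets(), "192.0.2.10"))
    print("HTTP flood:", http_flood_sources(sample_access_log()))
```

The spoofed-address signature is the ratio in `looks_spoofed`: a real client that is merely slow still completes its handshake eventually, while forged sources each leave exactly one half-open entry. On a live Linux host the same picture comes from the SYN_RECV count in `ss -s`, and the standard mitigation is `net.ipv4.tcp_syncookies=1` so the backlog cannot be exhausted by addresses that never answer.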

Screens: (screenshots not reproduced here)

Do SQL injections turn you on? How about double SQL injections? If the answer is ‘yes’, then
1) Good luck with your dating life
2) Boy, are you in luck!

A new breed of security product called Seeker produces some vivid hacker pr0n in the form of a video (see above) of how it broke and exploited every nook and cranny of your insecure code. Yes, I’m going to say it, Seeker might be the Seymore Butts of security products!

Kidding aside, Seeker seems to be packing pretty fearsome application security technology. The company behind it is an Israeli white hat hacking shop called Hacktics. These guys do work for startups, banks, telcos, governments, and homeland security agencies. Their team members hold very high security clearances due to their prior and current service records in the IDF (Israeli Defense Force). It’s safe to say these guys know a thing or two about application security.

Seeker was designed for use by individuals who are part of the development organization and who do not necessarily possess security knowledge, or even deep technical knowledge. These can range from developers, to QA staff, to team leaders. It’s for this reason that Seeker points to real business threats rather than just technical issues.

This is where two particular product features stand out. Seeker produces screenshots (see below) that allow testers to see the vulnerabilities in the context of the actual application functionality they relate to, rather than getting just technical information based on URLs. The screenshots also show how the application handled each attack.

The second stand-out feature is ‘Exploit Videos’. Seeker automatically creates a step-by-step exploit video for each vulnerability it identifies and exploits, making it easier for the developer to manually reproduce errors before and after fixing the code. Video is also quite an effective method for non-security users to understand the actual threats and potential exploits. Just imagine being able to show management or external developers such a video. Pretty effective stuff.

Seeker’s methodology is to perform runtime analysis of code executed in order to identify security flaws in the application. This is done by hooking into the process executing the application, and performing step-by-step analysis of the executed code. The attacks themselves are generated dynamically based on a ‘Smart Attack Tree,’ a long list of rules for mutating attacks based both on how the application reacts to them, and the actual application code.

The product supports an orgy of vulnerabilities, including: SQL injection, XML/XPath injection, directory traversal, cross-site scripting, parameter tampering, forceful browsing, malicious content upload, username/password enumeration, insecure redirects, source code disclosure, insecure storage of sensitive data (such as Credit cards, CVVs, SSNs), cookie poisoning and plenty more.

Currently supported are Java and .NET code analysis, using any database if no stored procedures are used. For stored procedures, Seeker supports Microsoft SQL and Oracle. PHP, as well as support for MySQL stored procedures, will be rolled out in a few months.

Seeker is currently headquartered in Israel, with $3M in funding under its belt.

More: http://techcrunch.com/2010/05/06/seeker/#ixzz0nEbEPJPK

Powered by HaxTor | CopyWrong © 2011