Dan Goodin reported on ScanSafe's advisory about visitors to indiatimes (http://www.indiatimes.com/) being bombarded with malware. She said most pages on the IndiaTimes site are clean; those that are infected, however, contain a potent cocktail of downloader and dropper Trojans and other binaries.
While we are debating how to open up social networks, some people have come up with a new way of spamming: build a social networking site, lure people in, and spam all their contacts. I got a couple of invites, but I have developed a habit of rejecting before accepting invites.
Robert Hansen presents an interesting paper on using websites to hack intranets. There is good awareness of hacking intranets through the browser; this paper, however, explains how a web server can be used to hack your intranet. The concept rests on allowing file uploads over remote HTTP requests and elaborates on the following techniques: port sweeping, fingerprinting potentially vulnerable applications, and hacking the intranet website.
Brent Ashley explains the problem and possible solutions for secure AJAX mashups (via Ajaxian). It has come at the right time, when developers are reporting AJAX vulnerabilities. The inherent conflict is that we are using today's tools in an unintended way, which springs surprises on us, especially when we least expect them.
If you have already upgraded to WordPress 2.1.1, your site might include code, added during a break-in, that lets someone else control your blog. There is a new release available that removes the malicious code. Make sure you download it and upgrade.
Hal Burch and Robert C. Seacord explain programming language format string vulnerabilities. They also illustrate that, contrary to the usual misconception, C and C++ are not the only languages vulnerable to these exploits.
Unless you are hiding in your basement fearing the Vista twister, you will have heard, read or seen about the Vista Speech Recognition remote execution flaw. There are various takes on it, some escalating it, some playing it down. The Mac enthusiasts are having a field day.
Phil Becker discusses the increasing popularity of OpenID, and phishing. The concept behind OpenID is that your identity for various sites is controlled through your OpenID provider, which is just one site. Whenever you want to log in to any of the services, you are redirected to your OpenID provider to enter your password.
Dan Farber quotes cyber-security experts who blame bad programming and lack of knowledge among programmers for insecure applications. This leads to repeated mistakes, which makes programmers' security holes predictable. Li Gong, the primary architect of the Java security model, says: … The problem is that people repeat the same mistakes every time they create something new, such as with the Web or AJAX.
Alex Bosworth discusses session security for web applications, something that will make you rethink work you might have done. Session cookies, which typically contain authentication information, can easily be exposed to attackers through HTTP headers. Alex recommends using a combination of a random hidden value and the session variable.
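As an added illustration (not code from Alex's post), here is a minimal Python session store that pairs the session cookie with a single-use random hidden form value, so that a request presenting only the cookie is refused; the in-memory store, the token lengths and the single-use rule are my assumptions.

```python
import hmac
import secrets


class SessionStore:
    """Constructed in-memory store (assumption): session id -> session state."""

    def __init__(self):
        self._sessions = {}

    def create(self, user):
        # The session id is what the browser later sends back as the cookie.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "form_token": None}
        return sid

    def issue_form_token(self, sid):
        # Fresh random hidden value bound to this session; the page would
        # render it as <input type="hidden" name="form_token" value=...>.
        token = secrets.token_urlsafe(32)
        self._sessions[sid]["form_token"] = token
        return token

    def validate_post(self, cookie_sid, posted_token):
        # A state-changing POST must carry both the cookie and the hidden value.
        session = self._sessions.get(cookie_sid)
        if session is None or session["form_token"] is None:
            return False
        if not isinstance(posted_token, str):
            return False
        ok = hmac.compare_digest(session["form_token"].encode(), posted_token.encode())
        session["form_token"] = None  # single use: a replayed submission fails
        return ok


def run_scenarios():
    """Exercise the check with constructed requests; returns outcome per case."""
    store = SessionStore()
    sid = store.create("alice")
    results = {}
    token = store.issue_form_token(sid)
    results["cookie_and_token"] = store.validate_post(sid, token)      # accepted
    results["replayed_token"] = store.validate_post(sid, token)        # rejected
    store.issue_form_token(sid)
    results["cookie_only"] = store.validate_post(sid, None)            # rejected
    store.issue_form_token(sid)
    results["cookie_wrong_token"] = store.validate_post(sid, secrets.token_urlsafe(32))
    return results
```

The protection only helps against a request that lacks the hidden value; if an attacker captures a complete form submission, the session itself has to be invalidated.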