Locking Down For Security, And Loss Of Freedom

The concept of UEFI secure booting seems great from a security perspective. But I can’t help but wonder whether these things are going to make it more and more difficult to customize them to our liking. It is not only about running Linux on Windows machines; it is about decoupling the hardware and software so that once you buy any hardware you can install any software that can run on it. [Continue]

IndiaTimes Hacked?

Dan Goodin reported on ScanSafe’s advisory about indiatimes (http://www.indiatimes.com/) visitors getting bombarded by malware. She said most pages on the IndiaTimes site are clean. Those that are infected, however, contain a potent cocktail of downloader and dropper Trojans and other binaries. [Continue]

Spamming The New Way

While we are debating how to open up social networks, there are some who have come up with a new way of spamming: build a social networking site, lure people in and spam all their contacts. I got a couple of invites, but I have developed a habit of rejecting before accepting invites. [Continue]

Using Websites To Hack Intranets

Robert Hansen presents an interesting paper on using websites to hack intranets. There is good awareness about hacking intranets by using browsers; this paper, however, explains how the web server can be used to hack your intranet. The concept rests on allowing file uploads over remote HTTP requests and elaborates on the following techniques: port sweeping, fingerprinting potentially vulnerable applications, and hacking the intranet website. [Continue]

Secure AJAX Mashups

Brent Ashley explains the problem and possible solutions for secure AJAX mashups (via Ajaxian). It has come at the right time, when developers are reporting AJAX vulnerabilities. The inherent conflict arises because we are using today’s tools in an unintended way, which springs surprises, especially when we least expect them. [Continue]

OpenID And Phishing

Phil Becker discusses the increasing popularity of OpenID, and phishing. The concept behind OpenID is that your identity for various sites is controlled through your OpenID provider, which is just one site. Whenever you want to log in to any of the services, you are redirected to your OpenID provider to enter your password. [Continue]



