Security Threat: WordPress Under Attack

Topic: Miscellaneous
4:20 pm EDT, Sep 5, 2009
Writes Lorelle on her WordPress-centric blog: There are two clues that your WordPress site has been attacked: First, there are strange additions to permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
TechCrunch is not great about reporting security vulns, certainly not to the level of detail you'd want if you hack in the scene. What *is* interesting is using the Http Referer (sic) header to carry the actual payload.
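The two clues quoted above (an "eval"/"base64_decode" sequence in the request path, and a payload smuggled in the Referer header) are things a site owner can look for in ordinary web server logs. The following scanner is an added example written for this note; it is not code from Lorelle's post, from TechCrunch, or from WordPress. It assumes Apache/nginx "combined" log lines, percent-decodes the request and Referer fields a few times, tries a base64 decode on any field that looks like a bare base64 blob, and flags the PHP markers named in the post. The log lines and the base64 payload are constructed for the demonstration.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Markers the post names ("eval" and "base64_decode") plus two PHP constructs
# that tend to ride along with them.  Added example; the list is an assumption.
SUSPICIOUS = re.compile(
    r"(eval\s*\(|base64_decode\s*\(|\$_SERVER\s*\[|<\?php)", re.IGNORECASE
)

# Combined log format: ip ident user [time] "request" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample data (not real traffic).  Line 1 carries the permalink
# pattern quoted in the post; line 2 carries a harmless base64-encoded PHP
# snippet in the Referer header; line 3 is a clean request.
_REFERER_PAYLOAD = base64.b64encode(b'eval("echo 1;");').decode("ascii")
SAMPLE_LOG = (
    '203.0.113.5 - - [05/Sep/2009:16:20:01 -0400] '
    '"GET /category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0"\n'
    '203.0.113.6 - - [05/Sep/2009:16:21:13 -0400] "GET /index.php HTTP/1.1" '
    f'200 4096 "{_REFERER_PAYLOAD}" "Mozilla/5.0"\n'
    '198.51.100.7 - - [05/Sep/2009:16:22:40 -0400] "GET /category/post-title/ HTTP/1.1" '
    '200 7000 "http://example.com/" "Mozilla/5.0"\n'
)


def decode_layers(value, max_rounds=3):
    """Return the raw value plus its percent-decoded forms (repeated, since
    attackers double-encode) and, for any view that is a bare base64 blob,
    the decoded text.  Decoding failures are simply skipped."""
    views = [value]
    current = value
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        views.append(decoded)
        current = decoded
    for view in list(views):
        candidate = view.strip()
        if len(candidate) >= 8 and re.fullmatch(r"[A-Za-z0-9+/=]+", candidate):
            try:
                raw = base64.b64decode(candidate, validate=True)
            except (binascii.Error, ValueError):
                continue
            views.append(raw.decode("utf-8", "replace"))
    return views


def inspect_line(line):
    """Parse one combined-format line and return the client IP together with
    (field, marker) pairs for each field that contains a suspicious marker
    in any decoding layer.  Returns None for lines that do not parse."""
    match = LOG_RE.match(line)
    if not match:
        return None
    findings = []
    for field in ("request", "referer"):
        for view in decode_layers(match.group(field)):
            hit = SUSPICIOUS.search(view)
            if hit:
                findings.append((field, hit.group(1)))
                break  # one finding per field is enough for an alert
    return {"ip": match.group("ip"), "findings": findings}


def scan_log(text):
    """Return the inspection records of every line that produced a finding."""
    alerts = []
    for line in text.splitlines():
        record = inspect_line(line)
        if record and record["findings"]:
            alerts.append(record)
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["ip"], alert["findings"])
```

Run against the constructed sample it reports two alerts: the first client for "eval(" in the request path, the second for "eval(" recovered from the base64 Referer. The base64 pass is what catches the Referer-carried payload the note points at; a scanner that only greps the raw line would miss it, because the markers never appear in cleartext there.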

RFC 3205 (rfc3205) - On the use of HTTP as a Substrate

Topic: Miscellaneous
12:59 am EDT, Sep 5, 2009
Recently there has been widespread interest in using Hypertext Transfer Protocol (HTTP) as a substrate for other applications-level protocols. This document recommends technical particulars of such use, including use of default ports, URL schemes, and HTTP security mechanisms.
Advice when using HTTP as GFBP.

Come hack us! HP's 24 Hour Live Hacking Challenge

Topic: Miscellaneous
10:31 am EDT, Sep 4, 2009
Join us at the HP Application Security virtual booth for a 24 hour live web hacking challenge where you will have a chance to advance through more than 10 levels of increasing difficulty. Participants attempt to break the login protection mechanisms at each level and gain experience in conducting attacks as a hacker would. Learn how simple techniques can compromise web applications. All of the security defects in the application are based on real world mistakes web developers make.
This is 100% open to the public. Please feel free to pass this on. HP's Web Security Research Group has built hacking challenges that we use internally to test and train new employees and keep other folks sharp. They are deliberately designed to not work with automated crawling or scanning tools. We are opening this one to the public to play with and learn. People of all experience levels are welcome as everyone should be able to get through at least a few of these.

Manipulation and abuse of the consumer credit reporting agencies

Topic: Miscellaneous
4:25 pm EDT, Sep 1, 2009
This paper will present a number of loopholes and exploits against the system of consumer credit in the United States that can enable a careful attacker to hugely leverage her (or someone else's) credit report for hundreds of thousands of dollars. While the techniques outlined in this paper have been used for the personal (and legal) profit by a small community of credit hackers, these same techniques could equally be used by more nefarious persons --- that is, criminals willing to break the law, engage in fraud, and make off with significant sums of money. The purpose of this paper is to shed light on these exploits, to analyze them through the lens of the computer security community and to propose a number of fixes which will greatly reduce the effectiveness of the exploits, by both those with good and ill intentions.
Interesting paper in this month's First Monday.

British small biz falls out of love with Microsoft, heads to the Clouds

Topic: Miscellaneous
1:25 pm EDT, Sep 1, 2009
In their poll of 1,400 Microsoft customers, all small businesses in the UK, they found that 13% of them intend to switch to Google Apps within 12 months while 22% are “undecided”. In other words a healthy number are either switching or probably poised to switch. Of the remaining, 36% were Not Switching and 29% were “Not aware” of Google Apps.
I've been looking at operational stuff recently. Google Apps is a no brainer for what I need.

MemeStreams receives DMCA takedown

Topic: Miscellaneous
12:51 pm EDT, Sep 1, 2009
It has come to our attention that the web site www.memestreams.net contains material and/or links to material that violate the anti-circumvention provisions of the Digital Millennium Copyright Act ("DMCA"). This letter is to notify you, in accordance with the provisions of the DMCA, of these unlawful activities. Pursuant to the safe harbor provisions of the DMCA, we request that you remove any whole or partial reproductions of and/or disable links to the following:
Is this the first DMCA letter Memestreams has received? You'd think between you, me, Virgil, Mike, Rattle, deC0de and others we would have generated more of these by now...

Cloud Fail! Elance Sends Private Messages All Over The Place

Topic: Miscellaneous
12:10 pm EDT, Aug 28, 2009
Second time this Summer we write about Elance, a service that allows for companies and individuals to hire and pay independent professionals and contractors online, and once again it’s not good news but another security issue. A registered user of the service, Salma Jafri, tells us she has been receiving dozens of private messages that were erroneously sent to her account, on occasion even containing confidential information and sensitive data such as login details for Elance accounts and third-party servers.
Wow. Fail.