Expert analysis
The Need for a New Security Approach
Historically the goal of security for most companies was nice and simple: keep the bad guys out. And it was easy to classify who the bad guys were. The bad guys were everyone …
Where’s My iPhone? A Lesson in Incident Response
Security incidents come in many forms, from attackers breaking into computers, unauthorized attempts to sniff wireless networks and collect information, and stolen laptops or …
Interview with Nitesh Dhanjani and Billy Rios, Spies in the Phishing Underground
Both Nitesh and Billy are well-known security researchers that have recently managed to infiltrate the phishing underground. What started as a simple examination of phishing …
Social Engineering: Threats and Countermeasures
Over the years much has been written about how users are the weakest link in security, and there are surely not many people who would disagree. Despite this, companies often …
Web 2.0 Security
Web 2.0 is an umbrella term coined to include technologies used for providing user-centric web based services. Here, the services are architected and programmed so that they …
Cross Site Printing: Printer Spamming
Many network printers listen on port 9100 for a print job (RAW Printing or Direct IP printing). You can telnet directly to the printer port and enter text. Once you disconnect …
WiFi Epidemiology: Can Your Neighbors’ Router Make Yours Sick?
In densely populated urban areas WiFi routers form a tightly interconnected proximity network that can be exploited as a substrate for the spreading of malware able to launch …
Dissecting and Digging Application Source Code for Vulnerabilities
Application source code scanning for vulnerability detection is an interesting challenge and relatively complex problem as well. There are several security issues which are …
Key Management for Enterprise Data Encryption
Data encryption and key management in the real world Best practices dictate that we must protect sensitive data at the point of capture, as it’s transferred over the …
phpBB hacks: password security, anti robot login and a full board security system
phpBB uses its own authorisation/session handling, database abstraction layer and template systems, so there are numerous guides on how to use them to create your own …
Security Predictions for 2008
Saumil Shah is the founder and CEO of Net-Square. In this video, made at Black Hat, he presents an overview on what we can expect in 2008. Saumil bases his assessment on seven …
Security Extensions for Your Joomla! Installation
Joomla! is a free, open source Content Management System that allows you to build websites and other online applications. Because it’s easy to install and simple to …