A collection of articles and posts pulled from some of our favorite bloggers across the Internet.


Latest From the Web


From the Web

The Chilling Effect

August 23, 2010 from: Rsnake's blog at ha.ckers.org

I feel like there are a lot of very talented people who will never get to see their day in the sun and as an unfortunate consequence of this vulnerability market some talentless people will...


Hill-Billies: A Case Study

August 18, 2010 from: Rsnake's blog at ha.ckers.org

With every major innovation the security community comes up with, the general public and vendors alike figure out a way to abuse that innovation or work around it to do what they originally wanted to do again - think firewalls and tunneling over port 80...


Removing Entropy From PHP Session IDs

August 15, 2010 from: Rsnake's blog at ha.ckers.org

There are a ton of sites these days that use load-balancers in front of them. There’s a few ways they can be installed - completely transparent or acting more like a proxy. The proxy is the more common setup but it has one pretty huge negative side-effect, all the IP addresses come to the server as just one - the internal IP of the load balancer.


Petabytes On the Cheap

July 21, 2010 from: Rsnake's blog at ha.ckers.org

It turns out you can create a single chassis that contains around 67 terabytes in it for $7,867. That’s pretty incredible...It almost doesn’t make any cost sense to outsource your storage to the cloud with those cost savings.


Some Possible Insights into Geo-Economics of Security

July 21, 2010 from: Rsnake's blog at ha.ckers.org

Buying a certificate to allow for transport security is a good idea if you’re worried about man in the middle attacks. But when you’re in another country where the cost of running your website is a significant investment compared to the United States, suddenly the fees associated with the risks are totally lopsided...


Flash Camera and Mic Remember Function and XSS

July 19, 2010 from: Rsnake's blog at ha.ckers.org

Flash’s settings are very often scoped to the domain rather than the app. Although currently allowing Flash access to camera and microphone isn’t all that common, if it ever did become common using XSS would be a pretty interesting tactic...


Oracle - July 2010 Critical Patch Update Released

July 14, 2010 from: The Oracle Global Product Security Blog

Oracle just released the July 2010 Critical Patch Update (CPUJul2010). This Critical Patch Update (CPU) is the second one to include fixes for the Oracle (formerly Sun) Solaris product line and includes 59 security updates.


You Can Hack But You Can't Hide

July 10, 2010 from: Saumil's Infosec Blog

I thought this is a very interesting title for discussion but the whole idea is to debate on whether "you can" or "you can't hide". Now that the hackers around the globe have more sophisticated hack tools under their belt, spoofing your identity has become even easier than ever.


Full-Disclosure, Our Turn

July 06, 2010 from: Jeremiah Grossman's Blog

Vulnerabilities in websites happen, especially the ever pervasive Cross-Site Scripting (XSS). Essentially every major website has had to deal with XSS vulnerabilities published publicly or otherwise. This also includes security companies. No one is perfect, no website has proven immune, ours included. As experts in Web application security and specifically XSS, yesterday even we took our turn. W...


Security Alert for CVE-2010-0886 and CVE-2010-0887 Released

July 06, 2010 from: The Oracle Global Product Security Blog

Oracle just released a Security Alert to announce the availability of fixes for two vulnerabilities (CVE-2010-0886 and CVE-2010-0887) affecting Oracle Java SE and Oracle Java For Business. Both vulnerabilities only affect Java when running in a 32-bit web browser. These vulnerabilities are not present in Java running on servers or standalone Java desktop applications and do not impact any Oracle s...


Gmail Introduces Suspicious Activity Warning

July 05, 2010 from: Saumil's Infosec Blog

Recently, my Gmail account was hacked by some botnet which sent out e-mails to all my contacts asking them to check out a website. I only realized this when I checked my Gmail "Sent Mail" folder and had to immediately send a warning message to all my contacts telling them that my account was hacked and not to click on any links from my previous mails.


Using DNS to Find High Value Targets

June 16, 2010 from: Rsnake's blog at ha.ckers.org

With the impending release of Fierce 2.0 I thought I’d spend a minute talking about finding high value targets. I was working with a company in a specific vertical when I realized they use a very large single back end provider (essentially a cloud-based SaaS). But they aren’t the only large company using that SaaS - there are many hundreds of other companies using them as well.


CSRF Isn’t A Big Deal - Duh!

April 14, 2010 from: Rsnake's blog at ha.ckers.org

Did you hear the news? CSRF isn’t a big deal. I just got the memo too! There were a few posts pointing me to an article on the fact that CSRF isn’t that big of a deal. Fear not, I am here to lay the smack down on this foolishness. To be fair, I have no idea who this guy is, and maybe he’s great at other forms of hacking - web applications just don’t happen to be his strong ...


Mozilla Plans Fix for CSS History Hack

March 31, 2010 from: Rsnake's blog at ha.ckers.org

The CSS history hack is soon going to close. If you look at the original Bugzilla thread this is something that Mozilla had marked as a P1 bug since 2002. You heard me right, this P1 bug has been open for 8 years. And here we are, on the cusp of an actual fix.


Mozilla - Plugging the CSS History Leak

March 31, 2010 from: Mozilla Security Blog

From the Mozilla Security Blog - We’re close to landing some changes in the Firefox development tree that will fix a privacy leak that browsers have been struggling with for some time. We’re really excited about this fix, we hope other browsers will follow suit. It’s a tough problem to fix, though, so I’d like to describe how we ended up with this approach.


Durex condom orders exposed on the Internet

March 22, 2010 from: Office of Inadequate Security

Remember the Astroglide breach, when customers who ordered samples of the lubricant had their personal details exposed online? Now there are allegations that Durex condom orders were leaking on the web.
