Search found 134 matches
- Mon Feb 20, 2017 10:38 pm
- Forum: Security
- Topic: New security header referrer policy wording
- Replies: 1
- Views: 2877
New security header referrer policy wording
a new security header for browser referer, and some explanations behind choices. https://scotthelme.co.uk/a-new-security-header-referrer-policy/ Recommendations "Which header you will want or need to use will depend on your requirements but there are some that you should probably stay away from...
- Fri Jan 13, 2017 7:44 pm
- Forum: Security
- Topic: Fingerprinting a comp behind the browser
- Replies: 0
- Views: 2435
Fingerprinting a comp behind the browser
Cross-Browser machine fingerprinting catches some of the info behind the browser to tag specific machines. Finding graphic card features, cpu and cores, and installed writing scripts http://yinzhicao.org/ (Cross-)Browser Fingerprinting via OS and Hardware Level Features Tor blocks most of that info...
- Tue Dec 20, 2016 10:05 pm
- Forum: Security
- Topic: got a bounce from Boing, Boing article
- Replies: 0
- Views: 2372
got a bounce from Boing, Boing article
this was from an article on browser data leakage, http://webkay.robinlinus.com/ "This is a demonstration of all the data your browser knows about you. All this data can be accessed by any website without asking you for any permission. Most of the data points are educated guesses and not conside...
- Sun Dec 11, 2016 8:56 pm
- Forum: Security
- Topic: ADsafe, a limited java library
- Replies: 2
- Views: 2924
ADsafe, a limited java library
"ADsafe makes it safe to put guest code (such as third party scripted advertising or widgets) on a web page. ADsafe defines a subset of JavaScript that is powerful enough to allow guest code to perform valuable interactions, while at the same time preventing malicious or accidental damage or in...
- Sat Dec 10, 2016 12:32 am
- Forum: Security
- Topic: heads up on a stenographic ad attack
- Replies: 1
- Views: 2524
heads up on a stenographic ad attack
"Millions of readers who visited popular news websites have been targeted by a series of malicious ads redirecting to an exploit kit exploiting several Flash vulnerabilities." "Using the known Internet Explorer vulnerability CVE-2016-0162, the encoded script attempts to verify that it...
- Thu Nov 17, 2016 7:34 pm
- Forum: Security
- Topic: vulnerabilities induced by migrating to 64-bit platforms
- Replies: 0
- Views: 2012
vulnerabilities induced by migrating to 64-bit platforms
You could see this coming, but now they have a model to use in the search https://blog.acolyer.org/2016/11/17/twice-the-bits-twice-the-trouble-vulnerabilities-induced-by-migrating-to-64-bit-platforms/ "Many software vulnerabilities are rooted in subtleties of correctly processing integers, in p...
- Fri Oct 28, 2016 9:52 pm
- Forum: Security
- Topic: windows app tables vulnerable
- Replies: 3
- Views: 4823
windows app tables vulnerable
"In researching new code injection techniques for Windows, enSilo researchers discovered a way that attackers could use to write malicious code into an atom table and force applications using the table to retrieve and execute the code." http://www.darkreading.com/vulnerabilities---threats/...
- Tue Oct 18, 2016 9:36 pm
- Forum: Security
- Topic: Lurking Malice in the Cloud
- Replies: 2
- Views: 2640
Lurking Malice in the Cloud
Interesting, they are using separate containers, and only assemble a package right before delivery. http://sciencebulletin.org/archives/6542.html Xiaojing Liao, et al., “Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service,” ACM Conference on Computer and ...
- Mon Sep 12, 2016 11:00 pm
- Forum: Web Tech
- Topic: A markup generator for URL display optimizations in social c
- Replies: 0
- Views: 2430
A markup generator for URL display optimizations in social c
Looks like it can automate a messy job into a slick package
article
https://hacks.mozilla.org/2016/09/vault ... ncy-links/
and site
https://autonome.github.io/silobuster/
- Mon Sep 12, 2016 9:37 pm
- Forum: Security
- Topic: MySQL zero day CVE-2016-6662
- Replies: 0
- Views: 2231
MySQL zero day CVE-2016-6662
there are going to be a lot of writeups on this, but figured i would start a placeholder now. "Both the authenticated access to MySQL database (via network connection or web interfaces such as phpMyAdmin) and SQL Injection could be used as exploitation vectors. The exploitation is interesting i...
- Mon Sep 12, 2016 9:23 pm
- Forum: Web Tech
- Topic: Task Manager for Firefox processes
- Replies: 2
- Views: 3415
Task Manager for Firefox processes
Looks like a good plugin, but don't know about trust. "The Task Manager interface for Firefox opens in a new window when you click on it. The information it displays list the type of task (e.g. web page or add-on), a description which usually is a name or title, memory use, process ID and infor...
- Thu Sep 01, 2016 8:59 pm
- Forum: Security
- Topic: How to steal a developer's local database
- Replies: 1
- Views: 2267
- Fri Aug 26, 2016 8:09 pm
- Forum: Security
- Topic: Computer scientists reveal history of third-party web tracki
- Replies: 0
- Views: 2122
Computer scientists reveal history of third-party web tracki
an article on the proliferation, and a new tool included in the latest Privacy Badger from EFF. Computer scientists reveal history of third-party web tracking http://sciencebulletin.org/archives/4610.html https://trackingexcavator.cs.washington.edu/ https://www.eff.org/privacybadger Interesting use ...
- Sun Jul 03, 2016 8:51 pm
- Forum: Security
- Topic: Foxit PDF reader hacked
- Replies: 1
- Views: 2316
Foxit PDF reader hacked
Security flier posted
download page, free one on the right column.
https://www.foxitsoftware.com/downloads/#Foxit-Reader
- Mon Jun 13, 2016 10:06 pm
- Forum: Web Tech
- Topic: Stop using JWT for user sessions
- Replies: 0
- Views: 2619