ha.ckers.org web application security lab
 

Process Doubling

2008-01-27 22:44:57 by RSnake in ha.ckers.org web application security lab
 
I was working on a client a week ago or so and we completely compromised their network. It's a fairly common occurrence during an audit (given there are logistical reasons that make many common techniques off limits). It was mission accomplished for showing the vulnerabilities in the client. However, I started thinking about the firewall egress...
 
 
 
 
 

Self Incrimination or Privacy

2008-01-27 22:32:43 by RSnake in ha.ckers.org web application security lab
 
There's a really interesting case being talked about over at the Washington Post regarding a man who is accused of having downloaded child pornography on his computer and then encrypting it using PGP. This actually has some pretty interesting and wide-reaching implications for citizens in the US. Either a) he has to release the password and...
 
 
 
 
 

IP Addresses Are Considered Personally Identifiable Information in the EU

2008-01-22 15:39:31 by RSnake in ha.ckers.org web application security lab
 
...information in the EU. Whoah! I'm sure people can think of their own reasons this might be a big deal, but here is just a small smattering of stuff that I came up with: Advertising: banner ads are almost always pulled from a third party. That third party gets things like referrers and, what else, IP addresses! Sorry, say goodbye to third party...
 
 
 
 
 

The Austin Project

2008-01-21 22:45:39 by RSnake in ha.ckers.org web application security lab
 
...information. I want to help those people and bring them to the next level, so that they go off and eventually help others and so on. I firmly believe education at this level will help our industry, help us start developing better applications, better strategies, and ultimately will make all our lives better. This isn't like most training. There...
 
 
 
 
 

Say Goodbye to IE6.0! Hello IE7.0!

2008-01-21 16:35:03 by RSnake in ha.ckers.org web application security lab
 
...security and it's bad for public relations. So for all of you who had come to know and love IE6.0, you might as well go download it now and beat the curve. Resistance is futile! Although there are instructions on how to stop the upgrade if you really need to swim upstream
 
 
 
 
 

Another MySpace XSS Through an API

2008-01-21 16:24:14 by RSnake in ha.ckers.org web application security lab
 
...security professionals are auditing a website is the use of APIs. Hackers don't care that your browser sees them as different domains. If they can attack the API and that API has access to the same data that the main website does, but without the controls in place to lock it down, that much the better. Anyway, all of this and much much more...
 
 
 
 
 

Okay to Spam, Bad to Fight it in South Dakota

2008-01-17 21:19:46 by RSnake in ha.ckers.org web application security lab
 
...information (that means available for anyone, including anti-spam organizations) this could set a legal precedent that enables spammers to operate with near legal impunity out of North Dakota. Great. So if you or someone you are investigating is based out of North Dakota - I'd watch this lawsuit until this is settled. Talk about taking one...
 
 
 
 
 

Moto Q9 DoS and Fingerprinting

2008-01-12 18:10:21 by RSnake in ha.ckers.org web application security lab
 
So I got a new smart phone, which has been highly entertaining when I'm stuck in airports, or waiting for meetings or whatever. It's a Moto-Q9. Boy is it sexy - lots of features, fairly fast. It kinda reminds me of what Windows95 used to be - usable but not fast. It has the new version of Microsoft's mobile operating system on there with direct...
 
 
 
 
 

Fortify Documentary

2008-01-11 17:24:34 by RSnake in ha.ckers.org web application security lab
 
...security is to global economy. I thought it was really well done actually. One thing I thought was hilariously ironic was a quote by Howard Schmidt (ex cyber security czar for the United States, who replaced Richard Clarke), We should never ever ever be so arrogant to think that we're not a potential victim or our data has not been compromised...
 
 
 
 
 

Diminutive Worm Contest Wrapup

2008-01-10 23:26:37 by RSnake in ha.ckers.org web application security lab
 
While the fun is over, there is a lot to talk about in the wrap-up. So much so that I think it will take longer to deal with the output of the contest than the contest itself took. First of all, a huge congrats to both Giorgio Maone and Sirdarckcat for winning the contest with an incredibly small 161 byte worm. They tied because they both had...