- Latest News From the IT Security World
By Armando Romeo, eLearnSecurity and ID Theft Protect
- Mummies still walk among us!
By Ali Al-Shemery
Imagine all the great sources of information on the Internet today such as: news groups, blogs, websites and forums, and you still see networks, and websites being hacked and torn down using old hacking techniques. For God sake, isn’t that a walking mummy? The author in amusing way describes why it is so important to keep the knowledge updated and why attacking new system with old techniques still works. Read the true, didactic and full of sense of humor story.
- Firestarter: Starter toyour Firewall
By Mervyn Heng
The firewall is the first line of defense on the network perimeter and end points. Firewalls are the gatekeepers to facilitate the flow of necessary traffic to and from assets. The author in his article focuses on the best practices when setting up a host-based firewall on a Ubuntu 10.4 LTS laptop. He describes how the host-based firewalls allow all traffic by default to offer users with immediate access to networks and the Internet and how network-based firewalls interestingly employ the opposite tactic as their default rule is to deny all.
- HTTP Parameter Pollution Vulnerabilities in Web Applications
By Marco Balduzzi, Luca Carettoni, Stefano Di Paola
Is your web application protected against HTTP Parameter Pollution? A new class of injection vulnerabilities allows attackers to compromise the logic of the application to perform client and server-side attacks. HPP can be detected and avoided. But how? This article discusses why and how applications may be vulnerable to HTTP Parameter Pollution. By analyzing different attacking scenarios, The authors of this article introduce the HPP problem. They describe PAPAS, the system for the detection of HPP flaws, and conclude by giving the different countermeasures that conscious web designers may adopt to deal with this novel class of injection vulnerabilities.
- Does your BlackBerry smartphone have ears?
By Yury Chemerkin
The smartphone becomes the most popular gadget all over the world. Undoubtedly, compactness, convenience and PCs’ functional capabilities have been winning modern users’ hearts. People may think that Internet surfing is safer with their favorite smartphone than by PCs and that the privacy loss risk is minimized, however analytical statistics show the opposite. From this article we will find out why every BlackBerry is vulnerable to multiple network attacks and how it is that address book provides a spam-attack vector. The author explains also how deceptions may mislead Blackberry users to compromise security and what makes the DMTF signalling a possible covert channel.
- Web Testing Using Active and Passive Scanners
By Ric Messier
Website creation has become so simple that just anyone can do it. This doesn’t mean that everyone can do it well. There are so many frameworks and tools available to make dynamic sites easy to put up quickly. The author of this article shows how to scan systems using both an active and a passive Web proxy. He also explains the differences between active and passive scanning and points out the reasons why doing regular site scanning can’t be overvalued.
- Web Applications: Access Control and Authorization Issues
By Nilesh Kumar
This article is about different kinds of Access Control mechanisms and issues with them in Web Applications. Where sufficient authorization checks are lacking, access controls may be abused by the logged-in user. The impact can be catastrophic. Improper access control handling may result in information leakage or worse unauthorized access to system components. The article helps to imagine what will happen if a normal user is able to access the contents meant only for a system administrator. The author describes a few scenarios of where authorization checks are not performed correctly and shows what their impact could be.
- Web Applications: Testing and Securing Your Code
By Joe Pezzino, Phil Rusek
With the high demand for applications and information, companies have made data readily and easily available. Web applications, to keep in touch with friends, download music, or order a new espresso machine, are used so commonly you seldom think about how the information is presented to you. From this article you will find out how to test and secure your web applications. The authors will share with also you their knowledge why the best practice against SQL Injection is to write a code that stores procedures and prepared statements.
- An overview of Web Application Security Issues
By Julian Evans
- Why are there So Many Command and Control Channels Part Two
By Matt Jonkman
In his last article Matt Jonkman wrote about Command and Control Channels, or CnCs. In this one he continues the topic of CnC channels and take up the discussion of the individual categories. He also describes some up to date examples of many of these cathegories out of the Emerging Threats Sandnet.