Rodney Campbell's Blog

2006.07.31 Daily Security Reading

by on Jul.31, 2006, under Security

Learning to Detect Phishing Emails
Phishers launched a record number of attacks in January 2006, as reported by the Anti-Phishing Working Group. These attacks often take the form of an email that purports to be from a trusted entity, such as eBay or PayPal. The email states that the user needs to provide information, such as credit card numbers, identity information, or login credentials, often to correct some alleged problem supposedly found with an account.

The security risk in Web 2.0
Web 2.0 is causing a splash as it stretches the boundaries of what Web sites can do. But in the rush to add features, security has become an afterthought, experts say. The buzz around the new technology echoes the '90s Internet boom–complete with pricey conferences, plenty of start-ups, and innovative companies like MySpace.com and Writely being snapped up for big bucks. 

Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript
Imagine visiting a blog on a social site like MySpace.com or checking your email on a portal like Yahoo’s Webmail. While you are reading the Web page JavaScript code is downloaded and executed by your Web browser. It scans your entire home network, detects and determines your Linksys router model number, and then sends commands to the router to turn on wireless networking and turn off all encryption. Now imagine that this happens to 1 million people across the United States in less than 24 hours.

The Evolving Art of Fuzzing
Fuzzing is a testing technique used to find bugs in software. Often these bugs aresecurity related since fuzzing is performed against the external or exposed interfaces ofprograms. Fuzzing is not used to establish completeness or correctness, the task of moretraditional testing techniques. Instead, Fuzzing complements traditional testing to discoveruntested combinations of code and data by combining the power of randomness, protocolknowledge, and attack heuristics. Adding automatic protocol discovery, reading real-timetracer/debugger information, fault data logging, and multi-fuzzer sessions is the cutting edge in fuzzing tools.

Opinion: Windows Genuine Advantage and why you should be annoyed
The only "advantage" of Windows Genuine Advantage, Microsoft's controversial anti-piracy software, is to help Microsoft, says Computerworld 's Scot Finnie.

Windows Genuine Advantage: What it is, how to ditch it
Looking to rid your Windows PC of Microsoft's anti-piracy software, Windows Genuine Advantage? Computerworld 's Scot Finnie takes you step-by-step through the process.


Comments are closed.

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Copyright © 2015 Rodney Campbell

Images contained on this web site may not be used or reproduced in any way without prior permission.