Content for 'Security'

Advanced Cross-Site Scripting

XSS Cross Site Scripting by Anton Rager. XSS is typically perceived as a minimal threat by many developers and security professionals. There have been some good papers in the past that should have woken folks up to the potential risks of XSS, but the problem is still prevalent and most security folks are not interested in the issue and its ramifications. I hope to change that perception with this paper and the release of a tool called XSS-Proxy that allows XSS attacks to be fully controlled by a remote attacker.

WPA broken PACSEC 2008 + Aircrack-PTW

The security conference PACSEC 2008, to be held in Tokyo, Japan, on 12th and 13th November 2008, has a great attraction. Security research from Mark Tew will be presented there: a new (not brute-force) implementation of the WPA-TKIP attack. WPA-TKIP security, based on dynamic key generation, was considered unbreakable by laymen and professionals alike, and much safer than the laughable WEP encryption.

Wired keyboard eavesdropping video

Every key press on the keyboard produces a small impulse of electromagnetic radiation. This radiation can be captured and easily (quickly) decoded. Even though the described attack affects only some keyboard models, it is worth mentioning. Before the penetration test, eleven different keyboards were verified. Each one was susceptible to one of four different available attack methods. For the result, see the videos below.

Windows Hacking - Windows Vista Hack

Hundreds of programmers, years of development, millions of dollars. If you have the Windows Vista operating system installed on your desktop or laptop and you still think that it is the better and safer system, then keep on reading. This small presentation might change your mind. You probably know the older procedure of cracking NTLM hashes in Windows XP, or of changing the password with the application CIA Commander.

MiFare Subway Hack

In connection with the Defcon conference, the first publication of Subway Hack has appeared on the internet. The funny thing is that the San Francisco court forbade publishing the material (or even talking about it) just before the presentation was made public at the conference. On top of that, the whole project was removed from the author's website right afterwards. Is this some kind of honour? Who was risking the Streisand effect, and why?