Security Blogging and Damballa - April 11th, 2009
Gunter's changed jobs and now has a personal security blog that gets
updated regularly!

Continuing Business with Malware Infected Customers Whitepaper - November 2nd, 2008
The problem facing online businesses going forward is, if upwards of
one-third of their customers are likely to be using computers
infected with malware to conduct business transactions with them,
how should they continue to do business with an infected customer
base? This new whitepaper discusses many of the best practices
businesses can adopt for their Web application design and
back-office support processes in order to minimize the growing
threat of man-in-the-browser malware, along with helping to reduce
several of the risks posed by continuing to do business with customers
likely to be operating infected computers.

Patching a sick health care system - April 23rd, 2008
My most recently published editorial for SC Magazine covering the
problems encountered patching embedded systems within the complex
health care environment.

2007 Vulnerability Disclosure Rates - February 10th, 2008
According to X-Force, there has been a 5.4 percent year-on-year
decrease in the annual disclosure of new vulnerabilities. Why? In
this blog entry I examine the probable influences in the decrease -
decreasing vulnerability appeal, vendor security testing
improvements, professional bug-hunters and vulnerability purchase
programs...

User-Agent Attacks - January 21st, 2008
The concept was quite simple. While most Web sites do a good job
of scrubbing user input of unwanted HTML tags and JavaScript, the
backend Web traffic analysis engines tend not to. Since just about
all Web servers offer various online analysis tools for
administrators to review visitor statistics, if these tools didn’t
scrub the data correctly it would be possible to launch an attack
against the administrator when they logged in.

Hacking a Boeing 787? - January 7th, 2008
The FAA document entitled “Special Conditions: Boeing Model 787-8
Airplane; Systems and Data Networks Security--Isolation or
Protection From Unauthorized Passenger Domain Systems Access”
raises the possibility of mile-high hacking a fly-by-wire
multi-million dollar aircraft.

WHOIS Cross-site Scripting - January 4th, 2008
There’s been a little fuss over a recent posting concerning the
threat of WHOIS cross-site scripting. To get your attention, it
starts with “This is massive.” Now don’t get me wrong, there is a
threat, but it is marginal – and I’ll explain why in a little bit.
What’s all the fuss about? Basically, when you register a new domain
name (or manage an existing domain name), you...

Hacking Barcodes - January 1st, 2008
"Barcode systems susceptible to serious hacker attacks" - so says
Heise Security, in their article posted yesterday concerning FX's
presentation at this week's 24th Chaos Communication Congress. The
article describes a few of the threats to systems that rely upon
barcodes (one- and two-dimensional) - in particular their ease of
manipulation for scamming purposes and the possibilities for code
injection attacks.

Commercial Keyloggers - December 30th, 2007
While malware keyloggers are typically developed and deployed by
criminal gangs, did you know that there is a whole bundle of
commercial-grade software-based keyloggers as well? These commercial
keyloggers are designed for use by corporate IT/Security/Audit teams
and law enforcement agencies, and they’re way more advanced than
their malware cousins.

Professional Keylogging - December 22nd, 2007
Of all the nefarious techniques that can be used to gain access to a
host’s data, the keylogger continues to be a perennial favorite.
Whether it’s deployed in hardware or software formats, for as long
as people rely upon password protected authentication processes, the
keylogger will continue to be a reliable hacking tool. That said,
hardware keyloggers seem to be an oft-forgotten aspect of hacking (for
fun and profit).

Little Pinkie - October 16th, 2007
I was scanning through el Reg today and stumbled across
their funny news-bite "Unimpressed Sheilas mock boy racers'
todgers" concerning the recent Aussie TV advertising
campaign targeting boy racers. In short (pun intended),
females suggest that Australian boy racers are somewhat
lacking in the trouser department. Apparently the campaign
has been a roaring success and has helped reduce speeding
down under.

Pained by Security Analogies - September 21st, 2007
Whenever I have to resort to using some kind of
physical-world analogy to explain an Internet security
principle, I can't but feel that I'm doing a disservice to
the people listening. Depending upon the audiences
involved, my analogies have ranged far and wide - jumping
from classic home security defenses (e.g. burglar alarm,
deadbolts, fences, etc.) through to safety devices in cars
(antiskid braking, airbags, roll-cages, etc.) and even bank
surveillance systems (e.g. steel vaults, video cameras,
timed locks, etc.).

TechnicalInfo.net Updated - September 1st, 2007
It's been a while, but I've finally managed to refurbish the
Website. As part of the refurbishment I've tried to simplify
the interfaces and consolidate a lot of the content into a better
hierarchical structure.