Gilbert Verdian – I Secure Enterprises

Entries Tagged as 'security'

Technorati Quick Claim – May I have your username and password please?

As I’m required to write this post to verify my blog using the traditional “Post Claim”, I thought I might as well talk a little about it. In setting up my blog in Technorati, they have a new option to do a “Quick Claim” to prove that you own this blog. This entails to give them [...]

Categories: security · web security

The Origins of Scripting Web Vulnerabilities in our Browsers

I was thinking of the current situation we are experiencing in Web vulnerabilities, specifically with scripting and JavaScript. So I searched to find the source of when our browsers started to incorporate JavaScript and found the following: – Netscape 2.0 was the first version of Netscape to have JavaScript support – It was released in [...]

Categories: security · web security

Insecurity of Receipts – Part 2

Just came back from a trip to Scotland and before throwing a receipt away in the bin noticed that this one printed everything except the last 4 digits of the card whereas another receipt I had only contained the last 4 digits. Not good having these two receipts together. Coincidentally, on Digg last week the [...]

Categories: security · vendors

The Insecurity of Receipts and what you throw in the trash

In my travels I am still amazed at how many point of sale systems around the world still print people’s full credit card and expiry number on the receipts. Most usually X-out all the numbers except the last 4 digits and the expiry date, which is good but even so, do they really need to [...]

Categories: security

The Security Message is Spreading

I overheard a conversation that put a smile on my face. A friend of a relative was talking to her about the internet and more specifically eBay, the tone changed very quickly as the first thing mentioned was how risky online transactions are. “Oh, I never put any credit card details online, it’s not safe!” [...]

Categories: security

WordPress 2.1.2 Authentication Information Disclosure

Found a disclosure during authentication to a blog for version 2.1.2. When a person logs in with the wrong username into /wp-admin, the error message states “ERROR: Incorrect username”. Whereas if you enter the correct username and the wrong password, you get the following. The problem is that WordPress is disclosing that that username [...]

Categories: security

Solaris Telnet Vulnerability…Again?

This is a serious overlook in something so trivial. Just check out this publicly released code on packetstorm and how little is needed to become any user on that system! #!/bin/sh # CLASSIFIED CONFIDENTIAL SOURCE MATERIAL # # *********************ATTENTION******************************** # THIS CODE _MUST NOT_ BE DISCLOSED TO ANY THIRD PARTIES # (C) COPYRIGHT Kingcope, 2007 [...]

Categories: exploits · security

Protect your broadband routers

A researcher at Symantec today announced new threats against broadband routers. This involves malicious users remotely logging into the router, changing the DNS settings and thus redirecting users to fake sites to steal user information. This is not a new thing and this threat has been around for quite a while, it is about guessing [...]

Categories: security

Root DNS Servers DDoS

Noticed something funny happening yesterday with DNS, it was only for a short amount of time, but it occurred on 3 different systems. For example when I went to google.com, it was redirected to a sedo.com search page. My first thought was that Google had not renewed their domain in time which happened with their [...]

Categories: hacking · security

Talking about Security

I decided to start this blog in order to discuss security from the front line. Being in the field for a number of years and in a position which gives great visibility on the latest in the industry, I felt this will be a great way to share the many things that occur along the [...]

Categories: security
