[-]     Forums

08-18-2008 22:29
A little help needed
Some of you may know, some may not, that I work on Malzilla, a program used to analyze websites in search of exploits that plant all sorts of vermin on computers.
Malzilla is used around the world, at universities and anti-virus laboratories (Kaspersky, Symantec, etc.) as well as among independent researchers.

I need a little help. I need the data you get when you open the following link:
http://malzilla.sourceforge.net/browser_test.html

Evo st >>

MyCity::Zastita


08-19-2008 23:24
Re: ZoneAlarm Security Suite 7.0
Do you know where you saved it? That is, where it is located (like, e.g., c:\programs\... ). Go to the icon located in the start bar on the right side, I think it shows the letter Z, right-click it and shut down ZoneAlarm. Then find it in program files and delete its entire folder. Then install it again. That way it will work. >>

ES::Zastita


 - ES::Zastita:  Re: 2 warning icons, one Virus Alert, the other Critical System Error!
 - ES::Zastita:  Re: ZoneAlarm Security Suite 7.0
 - ES::Zastita:  Re: antivirus xp2008
[-]     Blogs

08-06-2008 3:32
A Handbook for Hackers
No, this is not a handbook for hackers.

The post has this title because I noticed that I get a lot of visits through exactly these keywords, which to some extent is not really good PR for me. Not everyone understands the term "hacker" the same way.

In any case, if you want to become a professional in your line of work, in this case in some IT field, a book titled "handbook for hackers" will certainly not help you. If I were you, I would even avoid books that have in their title r >>

Ivan Markovic


07-23-2008 13:55
Everything you knew about online security - forget it!
An interesting presentation about the past, present and future of information security. Be sure to watch it.


Everything you knew about online security - forget it!
Ivan Krstić >>

Ivan Markovic

[-]     News

08-14-2008 13:25
Telecommunications portal | XSS
- Site type: Telecommunications portal
- Vulnerability type: XSS
- Details: The search field is not properly protected and allows XSS.
- Advice: Convert special characters to the corresponding HTML entities.
- Found by: Aleksandar Nikolic >>

Ivan Markovic


07-31-2008 13:53
Bureau | SQLi
- Site type: Bureau
- Vulnerability type: SQL injection
- Details: The search parameters are not properly sanitized before being used in the database query itself.
- Advice: mysql_real_escape_string
- Found by: Ivan Markovic >>

Ivan Markovic


 - infigo:  Critical vulnerability in DNS
 - e-sigurnost:  300,000 traffic accidents due to satellite navigation
[-]     Blogs

08-18-2008 17:04
MySQL Truncation Etc…

Stefan Esser has a really good article about how MySQL and SQL truncate columns which can lead to security holes. He uses a good example of a column that has a width of 16 chars but he submits something with 17 chars. Obviously enforcing length is one way to enforce that, even if it almost never happens. But one other thing came to mind.

Harkening back to my days of reading Rain Forest Puppy’s papers, I realized that often times the code does a straight regex or string matchi >>

ha.ckers


08-18-2008 5:02
Better Risk Management for Banking Industry
With the recent identity theft cases that are happening around the banking industry, a new regulation is going to be implemented to counter identity theft. Effective November 1, 2008, all federally regulated banks, credit card companies and other financial institutions will be required to be in full compliance with the Identity Theft Red Flags Rule, which is designed to help financial services firms protect consumers' identities. The goal of the rules is to "flag" attempted and actual identit >>

hackathology


 - ha.ckers:  HTML 5.0

[-]     News

08-19-2008 13:20
Confidential school records made available online, Sophos reports
US students exposed to risk of identity fraud.
 >>

Sophos


08-18-2008 19:29
What makes a bug a security bug?

In my last post, I mentioned that security bugs were different from other bugs.  Daniel Prochnow asked:

What is the difference between bug and vulnerability?

In my point of view, in a production environment, every bug that may lead to a loss event (CID, image, $) must be considered a security incident.

What do you think?

I answered in the comments, but I think the answer deserves a bit more commentary, especially when Evan asked:

 >>

Microsoft


 - ha.ckers:  HTML 5.0
 - :  Request Forgeries on MySpace
 - :  Catching up…

 

[-]     Headlines

08-17-2008 12:14
IT svet: Useless Vista security
IT svet This week, during the Black Hat security conference, two researchers working in the field of security discussed what they had found which, if exploited, could completely open the Windows Vista operating system to potential attackers. Mark Dowd of IBM Internet Security Systems and Alexander Sotirov of VMware Inc jointly discovered a method that can be used to bypass all the memory protection safeguards that [...]
Your comment  >>

Naslovi


08-16-2008 3:15
Auto blog: Armored BMW X5 Security
Auto blog BMW has offered customers an armored Security version of its SAV (Sports Activity Vehicle) model X5, which meets all the safety requirements of ballistic level VR4 (which in practice means that the X5 Security protects passengers from attacks with weapons such as the .44 Magnum, .357 Magnum or 9 mm Luger). In addition, such an X5 also protects its owner from attempted robbery, kidnapping and vehicle hijacking. BMW points out that this variant of the X5 [...]
Your comment  >>

Naslovi


 - Naslovi:  Večernje novosti: RATEL rushed the law
[-]     Virus

[-]     Tools

08-18-2008 23:10
Grendel v1.0 Web Application Security Testing released
Grendel-Scan is an open-source web application security testing tool. It has an automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available.
Grendel-Scan is a kind of Paros and Nikto combination tool. It acts like a proxy and intercepts the data stream for analysis. In addition, it uses modules to identify application vulnerabilities as (. >>

security-database


08-18-2008 18:19
Outpost Firewall Pro 6.5.2358.316.0607
Outpost Firewall Pro provides defense against PC infiltration by denying unauthorized access by remote hackers and protecting against data theft, denial-of-service attacks, privacy violation, Trojan ... >>

net-security

[-]     Microsoft

08-18-2008 18:18
Matt Miller Joins the Security Science Team!

Good news! Matt Miller, author of plenty of cutting-edge security research, including my fave “A Brief History of Exploitation Techniques and Mitigations on Windows” has joined the Security Science team to work on improved ways to find security vulnerabilities and better software defenses through mitigations. Most recently, Matt’s been focused on design review for Windows 7.
 
Matt brings a massive amount of real-world exploit and defense experience to our team. Learn more ab >>

Microsoft


08-14-2008 22:20
Security is bigger than finding and fixing bugs

I just wrapped up a post over on the SDL blog with some comments about an article on Google's security work.

 >>

Microsoft

[-]     Mac OS X

08-19-2008 2:00
Sysadmin 101: Securing Leopard

Filed under: Security, Mac 101

Security researchers at Corsaire have published a PDF whitepaper discussing best practices for securing Mac OS X 10.5 Leopard in a networked environment. The whitepaper is free.

"While the default installation provides a relatively secure system, it may not always meet organizational security requirements. This guide is aimed at users in environments requiring stronger security controls in their operating system, making full use of the protection fe >>

tuaw


08-13-2008 22:00
Rohos Logon Key: Turn any USB device into a login key

Filed under: Software, Security



We've covered USB key security systems before, but Rohos Logon Key looks like an interesting new player in the field for two reasons: cost and convenience. Like other USB key systems it allows you to control user logins with a USB key, but unlike other systems you don't have to use a dedicated key -- practically any USB flash drive will work. In fact, since it depends only on the USB device's serial number and doesn't store anything on the device >>

tuaw


 - net-security:  Data Guardian 1.4.4
[-]     OWASP

08-16-2008 19:58
HTML 5.0

On good authority I was told to take a good hard look at the newly proposed HTML 5.0 spec that’s floating around the WHATWG. Firstly my eyes went to the new video and audio tags which are meant to help users deal with the apparently confusing nature of the fact that we have img tags instead of just using embed for everything. Personally I think that’s just a horrible idea that’s going to break a lot of blacklists out there and potentially open more security holes depending if the scri >>

ha.ckers


 - :  Request Forgeries on MySpace
 - :  Catching up…
 - :  Microsecurity vs Macrosecurity

 

zastita feeds
