Monday, December 19, 2005
Google may soon announce its acquisition of browser firm Opera, if rumour is to be believed.
Pierre Chappaz, founder of Kelkoo and ex-Yahoo! Europe president, has revealed in his personal blog, Kelblog, that a "usually well informed source" has told him the buy is on the cards.
Such a move could come in response to Microsoft's latest iteration of its Internet Explorer, IE 7. Should Microsoft, for example, make a better fist of integrating its own search technology into its browser, Google could see itself losing market share.
Saturday, December 17, 2005
• SQL Injection - attacker uses poorly designed input validation routines to create or alter SQL commands to gain access to unintended data or execute commands.Access with Elevated Privileges – incorrect configuration leads to access with higher-than-expected privileges
- Brute Force – attacker iterates through multiple combinations in the hope of finding a valid username/password combination
- Man in the Middle – attacker sniffs packets from the network, modifies them, and inserts them back into the network
- Session Hijacking - attacker uses authentication tokens to seize control of a legitimate user’s session while that user is logged into the application
- Session Replay - attacker captures authentication tokens (e.g. session ID, cookies) to bypass normal authentication without the legitimate user having to be logged into the application.
Tuesday, December 06, 2005
Technology which might expedite the arrival of the next generation workplace is Personal Internet Communicator (PIC), which is an affordable consumer device designed to provide managed internet access for people in global, high-growth markets to enhance communications, entertainment and education opportunities.
The emergence of collaborative technology and tools will further reduce the need to go to office and be at your desk per se. You might be able to sit on
Monday, December 05, 2005
Two new pieces of computer code that could be used in cyber attacks on Windows users were posted on the web on Wednesday and Thursday.
The exploit posted on Thursday is another that could allow a remote attacker to gain complete control over a vulnerable computer. The code takes advantage of a flaw in a Windows component for transaction processing, called the Microsoft Distributed Transaction Coordinator. Microsoft addressed the flaw in security bulletin MS05-051 in October.
Tuesday, November 29, 2005
Well many people asked me of what is this blogging all about...
And this is how I can define for you all...
Comments are always welcome..!!
A blog is essentially a web application which contains periodic posts on a common webpage.
Blogging combines a personal web page with tools to allow comments to be left and to make linking to other pages and blogs and ‘trackbacks’ – a system that allows a blogger to see who has seen the original post and has written another entry concerning it.
Monday, November 28, 2005
The vast majority of public service websites in Europe are failing to meet international e-accessibility standards.
That's according to a report released by the UK EU presidency, which shows that a mere three per cent of public service websites are fully meeting the terms of the minimum accessibility requirements as stated by World Wide Web Consortium (W3C) guidelines.
Most of the websites fell down in the area of providing suitable text alternatives for images on their sites, with a large number of websites also failing to fully explain the relationship between frames on a website.
Seems, there is a trade-off somewhere ...
As a part of ISSAF, it's nice to tell you all that the ISSAF (Information System Security Assessment Framework) Draft 0.2 will be available to you soon.
Watch out at http://www.oissg.org
My contribution includes the Web Application Security Assessments....:)
Friday, November 25, 2005
The Free Software Foundation Europe (FSFE) has filed a request with the European Union asking to get involved in an EU antitrust suit against Microsoft.
The Linux and Samba developer group has filed its request for leave to intervene in the case saying Microsoft's fiscal might is skewing the fight unfairly.
Georg Greve, president of FSFE, said in a statement: "The more Microsoft is able to purchase its opponents' solidarity, the more important FSFE's commitment to freedom and interoperability is."
Conversely, Microsoft has also been lobbying for new supporters in the case, asking big business to intervene on its side. Several opponents of Redmond, including the Computer and Communications Industry Association and Novell, dropped their objections following payouts from Microsoft.
Friday, November 18, 2005
Sober can hijack a Windows-based computer and force it to send spam emails. The continuous emailing can lead to overloaded servers and reduced network performance.
Wednesday, November 16, 2005
Does it it make sense to release ad-supported versions of products such as Works, Money, or even the Windows operating system itself ?
Tuesday, November 15, 2005
Google Inc. plans to give away a set of analytic tools allowing Web developers, administrators and advertisers to fine-tune their sites including advertising.
The tools are intended to address a key aspect of successful Web sites, which is the ability to track user behaviour to determine which features keep visitors on the site and which ones make them click away.
Monday, November 14, 2005
ASP.NET's extremely popular __VIEWSTATE functionality provides an automatic, uniform method for storing current state of all webpage "controls" (including form fields, database views, etc), so that user-entered data auto-magically persists and is populated across newly rendered HTML, and so that current selections of displayed database records are cached and do not need to be looked up again after every operation.
The data is by "typically" stored on client side as base64-encoded, hidden POST form field. By default, the field is protected from tampering by being "signed" using SHA1 with machine-specific key and - although not discussed by Microsoft - presumably either target .aspx filename or other file ID parameter.
The ASP.NET's __VIEWSTATE field has been found to be prone to replay attacks as well as denial of service vulnerabilities.
Just over 60 per cent of Britons are now making use of the internet. While the UK beat the European average for internet usage, which stands at 47 per cent, it is far behind the Nordic digital leaders – both Iceland and Sweden boast an 82 per cent average.
Any idea what percentage of Indians use internet ?
Friday, November 11, 2005
The ISSAF is OISSG's flagship project. It is an effort to develop an end-to-end framework for security assessment. The ISSAF aims to provide a single point of reference for professionals involved in security assessment; it reflects and addresses the practical issues of security assessment.
Being a member of OWASP Mumbai, I decided to participate in OISSG also. And I am looking forward to contribute at my best.
Thursday, November 10, 2005
Rainbow Crack provide access to a huge db of hashes to common encryption and protocol functions (e.g. MD5, LANMAN etc) allowing the quicker retrival of plain text from hash values.
Im not too sure of its viability as a business model but what it does illustrate is the importance of salting hash values and considering 2 factor authentication.