Monday, December 19, 2005
Google to buy Opera?
Google may soon announce its acquisition of browser firm Opera, if rumour is to be believed.
Pierre Chappaz, founder of Kelkoo and ex-Yahoo! Europe president, has revealed in his personal blog, Kelblog, that a "usually well informed source" has told him the buy is on the cards.
Such a move could come in response to Microsoft's latest iteration of its Internet Explorer, IE 7. Should Microsoft, for example, make a better fist of integrating its own search technology into its browser, Google could see itself losing market share.
Saturday, December 17, 2005
Database Threats
• SQL Injection - attacker uses poorly designed input validation routines to create or alter SQL commands to gain access to unintended data or execute commands.Access with Elevated Privileges – incorrect configuration leads to access with higher-than-expected privileges
Authentication Threats
- Brute Force – attacker iterates through multiple combinations in the hope of finding a valid username/password combination
- Man in the Middle – attacker sniffs packets from the network, modifies them, and inserts them back into the network
- Session Hijacking - attacker uses authentication tokens to seize control of a legitimate user’s session while that user is logged into the application
- Session Replay - attacker captures authentication tokens (e.g. session ID, cookies) to bypass normal authentication without the legitimate user having to be logged into the application.
Tuesday, December 06, 2005
Will the concept of 'office' fade out?
Technology which might expedite the arrival of the next generation workplace is Personal Internet Communicator (PIC), which is an affordable consumer device designed to provide managed internet access for people in global, high-growth markets to enhance communications, entertainment and education opportunities.
The emergence of collaborative technology and tools will further reduce the need to go to office and be at your desk per se. You might be able to sit on
Monday, December 05, 2005
More Windows exploits posted online
Two new pieces of computer code that could be used in cyber attacks on Windows users were posted on the web on Wednesday and Thursday.
The exploit posted on Thursday is another that could allow a remote attacker to gain complete control over a vulnerable computer. The code takes advantage of a flaw in a Windows component for transaction processing, called the Microsoft Distributed Transaction Coordinator. Microsoft addressed the flaw in security bulletin MS05-051 in October.