The Agile Hacking Project

This is a quick announcement regarding the Agile Hacking project. For those of you who are not familiar with this project, there is a post that you can go through over here.

So, the Agile Hacking project has found a new home in the newly established House of Hackers V2 initiative, which is essentially the House of Hackers' wiki. We plan to use V2 as our main project repository. [...]


Even More Advanced Clickjacking

Clickjacking is one of those types of attacks that are incredibly simple to perform, yet very powerful in today's web-driven world. In this post I would like to draw your attention to one more technique that can be used to perform successful clickjacking.

Basically, the browser is slowly becoming a quite powerful graphical environment. This is due to two relatively new features: the canvas element and support for SVG (Scalable Vector Graphics). Interestingly enough, SVG is not so simple. [...]


Gmail Security Flaw

I woke up today to realize that GNUCITIZEN's web server is being bombarded with requests. Good that we are running on a scalable infrastructure. The reason for the storm was a recent disclosure of an apparently new Gmail bug similar to the one which I partially and then fully disclosed here, of course after working with the vendor to resolve the problem, which is always the right thing to do. [...]


Bring Back the Attack to the API

A couple of years ago I started a project called AttackAPI. It kind of became a hit at the time because there was no other project that was doing the same thing. By the way, the situation remains the same.

Today the project is kind of dead because I am not actively developing it anymore. Most of my development time goes to projects of greater importance such as Netsecurify, Websecurify, Blogsecurify and several others. [...]


GNUCITIZEN in 2005

I thought that this would be interesting to some of you. This is how GNUCITIZEN looked back in 2005, when it was just a personal website rather than a group of like-minded people as it is today.

It is quite nice to look back and see how things progressed over the years.


6000 Members on HoH

Just a couple of months ago, we started HoH as one of our social experiments. Initially the network was composed of just about 10-15 people and there was nothing fancy about it. We didn't even have a domain, although we promised ourselves that if we reached 1000 members we would certainly look into buying a domain and also investing in other resources.

Amazingly, we reached the 1000 mark quite rapidly, and today the HoH network is just over 6000 members. [...]


Harder, Better, Faster, Stronger – The Malware

I am sure that you know this song. Yes, Daft Punk absolutely rock, although this post is about malware, not the band.

Anyway, I was going through some blogs today and I stumbled across some articles regarding a piece of malware affecting MacOS. Apparently this malicious software is a downloader/installer. All it does is connect to a remote server, fetch the payload and execute it. Nothing special really! [...]


We Need Better Web Tools

Oh yes, we certainly do! And let me tell you something: they aren't going to be quite the same as what we are used to.

Back in the day all you needed was a proxy, a dumb scanner/spider just to lift some of the repetitive and boring things off your back, and your brain. You were pretty much set. Today, you need to do things beyond that. Web technologies are just starting to show their ugly face and we are here to see/experience them for the first time. [...]


The Cloud is not That Insecure

I am sure that by now you've seen/heard a lot of rants about how insecure cloud technologies are, etc. What worries me is that these claims are made by people who have never worked with cloud technologies and therefore have no clue about the subject whatsoever.

All of these claims actually have a common root. It is only logical to think that Gmail perhaps is less secure than your self-hosted email solution, for example. [...]


Facebook, Worms and RSS Feeds – Hacking The Web2.0 Way and Beyond

This morning I was reading an interesting article from Ryan Naraine (ZDNet Zero Day Blog) regarding a Facebook worm which uses RSS feeds and in particular Google Reader to strengthen its attack strategy. Interesting…

If you have been following GNUCITIZEN's research, and in particular this blog, you know this is not big news, since I have described the numerous web2.0 attack strategies countless times. Perhaps you remember my paper on hacking Web2.0? [...]
