This is a continuation from my previous post. The reasons why GIFARs (although in my case it was a JPGAR, from JPG + JAR) work were explained to me by FX (Recurity Labs) after my talk during the last Black Hat in Amsterdam.
Basically, when you combine GIF/JPG and JAR/ZIP you have a hybrid file which has [...]
So, Black Hat is next week. Great! I will be happy to see you all there. You may even join me on the 6th at 13:45 - the Client-side Security talk. The details of my talk are here, which btw is the improved version of what I have over here.
I am still working on my [...]
Well, this is going to be a very quick post. I would like to let you know that SecUrls was redesigned and now it feels a lot better than before. Keep in mind that this is just an experiment, just like some of our other projects. If it does not prove to be valuable for [...]
If you read Wikipedia’s definition of Tiger Team you get the following: A tiger team is a specialized group tasked with testing the effectiveness of an organization’s ability to protect assets by attempting to circumvent, defeat or otherwise thwart that organization’s internal and external security. And further down we have: In the computer security [...]
I was flipping the pages of the latest SC Magazine and I am afraid to admit that it was very boring.
And this is not because the idea behind the magazine is bad. Not at all. It is mainly the fault of the numerous info security companies SC Magazine is listing, which are striving to sell [...]
The fun with hacking UPnP-enabled devices has just begun. We started our exploration in the field of UPnP earlier this year with some smoking posts which covered some basic attacks and the advanced Flash attacks. Today I stumbled across Google Media Server, a desktop gadget which allows you to share all your laptop/desktop media [...]
During the last couple of days we combined forces with Blogsecurity.NET in an effort to improve their online WordPress vulnerability scanner. The result of these efforts is our new initiative called Blogsecurify.
Blogsecurify was created to help individuals and organizations to secure their blog infrastructures by testing them against a set of security tests. The project [...]
Ok, ignore the image. This is the best I could find online. This post is about a thing I happened to notice while messing around with my own Google for Applications accounts.
Basically, Google allows you to use custom domains for your Google for Applications, Blogspot, Mashup Editor and of course App Engine accounts. I think [...]
Here is a thought for you: The entire information security industry today is based on fear. The fear of getting hacked and your integrity and reputation being publicly jeopardized and challenged.
This is what gives security vendors the power to sell you useless products which you don’t really need.
If you haven’t noticed yet, a lot of the useless sections of this site have been removed. The microblogs are also gone since they were kind of redundant. Nevertheless, I still have the urge to post random thoughts that I would like to share. So I will keep this information within the blog which is [...]










