A couple of months ago we started sorting through all our work. In the process we realized that we have to find a new home for several of our projects. It was a tough decision because we had a lot of projects on our hands and there were even more pending to be completed in some fashion. Nevertheless, we decided to go with the plan. So, the idea of Secapps was born.
So what is Secapps? Secapps is the new home of our GHDB tool. [...]
I am happy to announce the relaunch of Blogsecurify. I have some more announcements to make. Read on!
Blogsecurify will become a division of GNUCITIZEN. Although initially the project was planned to tackle blog-only security issues, today Blogsecurify moves into the more mainstream domain - the social media platforms. [...]
This is a quick announcement regarding GNUCITIZEN’s training events.
Now you can book an event of your choice from the form over here. We will get in touch with you as soon as we have a set date for the course of your choice. We are also planning to launch an initiative which has been on the drawing board for a long time now. This is the GNUCITIZEN Briefings. I will provide more information on that one soon.
The stuff I am about to discuss is not a big deal but we should keep it in mind.
If you haven’t noticed yet, Google Chrome supports a bunch of command line options. You can get a listing of all command line options from chrome_switches.cc. Obviously, some of them look quite powerful. Is that a concern? Well, IMHO, I think so but there is no reason to panic just yet.
Why is this a concern? I will put it this way. [...]
Google Chrome is a fact. It is a nice and slick looking browser. It is open source and it has some nice security features. However, these security features strive to protect the user from attacks which try to take over your browser and operating system. As I explained here, because nowadays most of the data is located on the Web, it makes sense to have built-in security features to prevent the various forms of information leaks, XSS, CSRF and similar attacks as well. [...]
The details of the vulnerability were covered in my previous post. In this one I would like to briefly talk about the impact.
Obviously, the vulnerability is very simple. Simple yet effective. However, this is not the type of vulnerability someone can exploit on a massive scale. Here is why.
Attack Vectors
The key element of the attack vector presented in my previous post is the attackers’ ability to point the victim to a file hosted on a NETBIOS share. [...]
In this post I intend to give a brief overview of the QuickTime vulnerability which I partially disclosed over here. I should have made these details public a long time ago but better late than never. The vulnerability has been fixed for several months now and I believe it is safe to talk about it in public.
Let’s start with an example. The following is the source code of a malicious QuickTime SMIL file:
First of all, we start with the SMIL header (SMILtext). [...]
It is time to rethink the way the desktop works. Some of my ideas may seem radical but sometimes evolution is the only solution to all of our problems. Read on…
I have had this idea for quite some time now. [...]
It is true what many of you have heard. Google is releasing their own browser. Google Chrome, as they call it, is based on the WebKit rendering engine and introduces some novel approaches to interacting with web technologies. I must say, it is very exciting to see all of this happening.
What makes Google Chrome different is its architecture. The browser is no longer a single-threaded process. Each tab is actually a separate process with its own memspace. [...]
I would like to share a few thoughts on the notion of being in direct control of your environment. This article is a continuation of my previous one and it aims to justify why nowadays individuals and organizations prefer to give away control in order to gain more agility. Needless to say, less control is often equal to less security.
Some of you who have been following the blog may be familiar with some of my other articles on the same topic. [...]









