
Breaking Into a Home With an iPhone

This is going to be one of those quick posts which just make you think about what the information security landscape will be like in 5 years. Before I move on with my commentary, here is a video which is essential for you to watch.

Got the idea? No? Let me explain. What you see in the video above is an application for the iPhone which gives you detailed characteristics of properties (houses) in the USA. [...]

posted by pdp

Even More XSS Worms

This morning I spotted several blog posts mentioning that Twitter has been hit by yet another XSS worm.

There is no merit in discussing how this has been done and for what purposes, but this incident is yet more proof that the attack landscape is rapidly changing and moving towards web-enabled infrastructures and the client side. [...]

posted by pdp

Twitter’s Security is so Poor

And there are a lot of privacy concerns too.

IMHO, the way the Twitter folks designed their system is totally wrong. The one and only major concern is that third-party software is allowed to communicate with Twitter’s API by using the user’s login credentials. This is a bit insane, as you can imagine. Why would you want to share your username and password with someone you certainly don’t trust? [...]

posted by pdp

Facebook, Worms and RSS Feeds – Hacking The Web2.0 Way and Beyond

This morning I was reading an interesting article from Ryan Naraine (ZDNet Zero Day Blog) regarding a Facebook worm which uses RSS feeds and in particular Google Reader to strengthen its attack strategy. Interesting…

If you have been following GNUCITIZEN’s research, and in particular this blog, you know this is not big news, since I’ve been describing the numerous Web2.0 attack strategies countless times. Perhaps you remember my paper on hacking Web2.0? [...]

posted by pdp

Why Cloud Security Matters

I asked on LinkedIn what security professionals think about Cloud Security. The answer was as expected. Nobody really knew what I was talking about. How is cloud security any different from web security?

Cloud security is different because the rules of the game are totally different. The resources involved are totally different. Money is not an issue. I believe that anyone can afford $0.15 per month for 1TB of storage. Networking capabilities are not an issue. [...]

posted by pdp

Clouds and The Distorted Notion of Direct Control

I would like to share a few thoughts on the notion of being in direct control of your environment. This article is a continuation of my previous one, and it aims to explain why nowadays individuals and organizations prefer to give away control in order to gain more agility. Needless to say, less control often equals less security.

Some of you who have been following the blog may be familiar with some of my other articles on the same topic. [...]

posted by pdp

RISK 2008 Oslo

I need to do a lot of clean-up work around all my projects. So, expect a series of quick posts.

In this post you will be able to find my slides from a quite cool event in Oslo. The topic is Web2.0 again.

The event was quite successful and I am looking forward to attending it again. Not to mention that Oslo was just brilliant compared to the bad weather in the UK.

posted by pdp

The Intermixed Web

If you haven’t noticed yet, a lot of the useless sections of this site have been removed. The microblogs are also gone, since they were kind of redundant. Nevertheless, I still have the urge to post random thoughts that I would like to share. So I will keep this information within the blog, which is probably the best place this type of information can be listed.

So this is not a rant but an observation which made me question whether humans are capable of seeing further than their nose. [...]

posted by pdp

Tomorrow’s Malware

My favorite tech quote is from Giorgio Maone. It goes like this: "If today’s malware mostly runs on Windows because it’s the commonest executable platform, tomorrow’s will likely run on the Web, for the very same reason. Because, like it or not, the Web is already a huge executable platform, and we should start thinking of it this way, from a security perspective."

Part of my job at GNUCITIZEN is to spot trends. [...]

posted by pdp

With all the Web2.0 something bad will happen!

I was going through some feeds that had been aggregating for a few weeks without my supervision and I came to realize that the Web is on fire.

It is not just the hype, which is obvious when it comes to things such as AJAX and Web2.0, but also the other things yet to be seen. I see social networks that serve all kinds of purposes popping up everywhere. Commercial, private, open, whatever, they all agglomerate people very, very rapidly. [...]

posted by pdp