Australian IT – Bungle exposes bank files (Natalie O’Brien and Michael McKinnon, JUNE 26, 2006) Another story in a long line of articles about sensitive data being lost by organisations who should know better. This time it’s the turn of the Australian high-tech crime unit. One thing I’ve noticed about these stories is that the […]
iKu Systemhaus AG – Sicherheit Advisory about a new(?) character encoding issue. The problem appears to be that Internet Explorer handles the encoding correctly but that A-V/filtering systems may not, essentially obfuscating attacks on the browser…
Ajax security basics Interesting article on SecurityFocus looking at the security implications of AJAX technologies and also the implications for penetration testing AJAX-enabled applications. In terms of the security risks of AJAX it will be interesting to see how well frameworks like Atlas and RoR take care of this for the developer. One […]
Foundstone, a division of McAfee, Inc. Seems to be tool-tastic at the moment. Foundstone have updated their Hacme Books and Hacme Bank site and released Hacme Travel and Hacme Shipping! Shipping is a ColdFusion app with a MySQL database and Travel is in C++, which should be interesting… (like the typo on the travel page which […]
“Hacking iSeries” references and links Just started to go through the Black Hat Europe 2006 media archives and found something useful to keep a note of (expect many more posts as I go). iSeries (more commonly known as AS/400) is not something which there’s a wide understanding of, both in IT security and pen testing (IME […]
Survey: gaping security holes – Network World Some interesting numbers relating to security trends. It’s not surprising really, though it should be… Over half of companies admit they’re not doing a good job of working out what’s on the network (kinda hard to patch a box you don’t know you’ve got). And probably the worst, […]