Web Security
Page 4 of 41234

Nov 29th, 2004

Comments: 1
Category: Web Security
Read More

Interesting opinion piece on Internet Explorer security

Is Microsoft creating tomorrow’s IE security holes today? | The Register Quite an interesting piece, wondering whether Microsoft is creating problems for itself in the future with IE, with amongst other things, tight integration with the OS. I do disagree with one or two point made though, especially “Rapid development cycles won the browser wars, […]

Nov 23rd, 2004

Category: Web Security
Read More

More info. on iframe and IE security in general…

Some more information on the Bofra Iframe attack http://isc.sans.org/diary.php?date=2004-11-21 http://isc.sans.org/diary.php?date=2004-11-20 some data on security vulnerabilities in IE http://secunia.com/product/11/ A story regarding Microsoft working to patch the vulnerability http://news.zdnet.co.uk/0,39020330,39175165,00.htm

Nov 21st, 2004

Comments: 0
Category: Web Security
Read More

More details on the Bofra Incident

Bofra exploit hits our ad serving supplier | The Register While I’m not sure if this is the “major UK Site” referred to in the previous posting, there’s some information about a compromise of one of the registers advert suppliers in the story above.. It’s really quite a cunning plan by whoever carried it out, […]

Nov 20th, 2004

Comments: 0
Category: Web Security
Read More

Major website with infected links!

SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System – Current Infosec News and Analysis Over at the ISC handlers diary there’s mention of a major (unnamed) uk website which has a pointer to a site hosting the Bofra/IFrame Internet Explorer exploit (for which there is currently no patch!) Another really […]

Nov 20th, 2004

Comments: 0
Category: Web Security
Read More

Very handy tip for Browsing from Windows

There’s a link to a Interesting article over at Michael Howards Blog He makes some very valid points about why running Windows machines as an administrator is a very bad idea(tm) unless absolutely required. Also there’s information on a useful technique to reduce your privileges when running specific applications, aimed at providing a safer web […]

Apr 7th, 2004

Comments: 0
Category: Web Security
Read More

Online Browser Security Test

There’s a Browser Security Test over here that allows you to check you’re browser configuration to see if it’s vulnerable. could be handy if you’re unsure of whether patches have taken correctly, or if you’re looking to demo how insecure unpatched versions of major browsers can be

Apr 6th, 2004

Comments: 0
Category: Web Security
Read More

Out-of-Band communications to combat phishing

In an article Help Net Security – The Future of Phishing, presents an interesting idea for combating the current (and potential future) phishing attacks by communicating transactions out-of-band (for example by SMS message) and then getting the user to authorize that transaction by putting in a one-time password sent to them via the SMS message.

Mar 27th, 2004

Comments: 0
Category: Web Security
Read More

Example of a spoofed secure site

Over at Securitynews.net they’ve got a cool example of using graphical elements to create the illusion of a secure site… Of course if you’re not running IE on windows XP it just looks odd. Although with enough work that might be possible to overcome, by detecting the user agent requesting the page and presenting a […]

Mar 21st, 2004

Comments: 0
Category: Web Security
Read More

SSL phishing Article

I read an interesting article on phishing last week over at netcraft which seems to show that it is possible for a phisher to create a SSL session and display the familiar padlock item, without having a valid certificate….. However I’ve since seen some disagreement about whether the “plain text” SSL method would work in […]