Session Hijacking Packet Analysis
TCP session hijacking is a very dangerous attack vector because most systems are vulnerable to it, as most systems use TCP/IP as their primary communication protocol. Newer operating systems have attempted to secure themselves from session hijacking by using pseudo-random number generators to calculate the Initial Sequence Number, making it harder to guess. Any security measure in randomly generating an ISN is ineffective if the attacker is able to sniff ACK packets, as they give all the information required to perform this attack.
Lee Lawson, 07/25/2005

Cross Site Scripting (XSS) FAQ
XSS vulnerabilities have been found in all sorts of websites including fbi.gov, yahoo.com, ebay.com and many other popular and important websites. This paper details XSS attacks and hopes to educate you on what they are, how attackers use them and of course how you can prevent them from happening.
Chris Morganti, 07/20/2005

Why Corporations Need to Worry About Phishing
Phishing is much more than a problem faced by individual consumers; it is also a business problem faced by any organization that has employees or does business online. Failure to protect employees and customers from phishing attacks can have a devastating impact on a company's reputation and can cause significant legal liabilities. Phishing is a relatively new form of online fraud that focuses on fooling the victim into providing sensitive financial or personal information to a bogus website that bears a significant resemblance to a tried and true online brand. Typically, the victim provides information into a form on the imposter site, which then relays the information to the fraudster.
Dr. Paul Judge, 07/06/2005

Exploitation
The goal of exploitation is simply to make a computer system do something you want it to do, but that it is not supposed to do. This really could mean anything, but there are a number of common ways for this to be interpreted. When attacking a remote system, most often it is desired to be able to run code on it. The code may be running as a non-privileged user, but anything is a start. Attacking a system when you have the ability to run code on it, or locally, usually implies that the attacker wants to have more control over the system.
LearnSecurityOnline, 06/19/2005

XSS Vulnerabilities, Underestimated and Dangerous
This paper outlines the dangers of cross site scripting (XSS). XSS is a way to inject script code into a web page, making it execute whenever the page loads or a specific event is triggered. It provides examples and focuses on temporary and permanent XSS.
By Zinho, 05/07/2005

Identity Techniques
Throughout this paper, I examine techniques, as well as some concepts about wholesale tracing (tracing many individuals at one time). You may wonder why this is deemed a security issue. In truth, it really isn't--not yet. However, you will learn that the Internet is a powerful tool for domestic spying. Law-enforcement and intelligence agencies already conduct such practices on the Internet, and for them, the Network is a bonanza. No search warrant is needed to "study" the activity of someone on the Internet.
Paul Gurgul, 03/18/2005

Demystifying Google Hacks
Google is the world’s most popular and powerful search engine. It has the ability to accept pre-defined commands as inputs, which then produce unbelievable results. I have been thinking of publishing this paper for a long time, but due to lack of time I was not able to complete it. I used to add to this paper and keep it updated when I got tired of my daily research work. I shall also discuss Google’s advanced syntaxes and how they can be used as a tool for critical information digging.
Debasis Mohanty, 03/11/2005

Phishing - A new age weapon
Phishing is a form of social engineering attack used by cyber criminals to steal sensitive information. Customers of leading banks have often been a target of Phishing. This article focuses on the security measures that financial service providers can take to prevent and manage a Phishing attack.
Abhishek Kumar, 02/14/2005

Shadow Software Attacks
In this paper, I'm going to demonstrate the fact that a shadow software attack is still possible. In fact, many users and system admins are not aware of the importance of the protection mechanisms against these kinds of attacks. There are many possible solutions to resolve this scenario, but it often requires some engagement from the server and the user’s side and probably this is the very essence of the entity of the problem that we are going to face.
Angelo Rosiello, 12/02/2004

Code Cracking
The paper is technical, related to byte code manipulation of Java using a hex editor, and it requires knowledge of Java programming and the byte code format. I had done a code breaking in Java and bypassed the whole client side security of an Internet Banking Application, which may further result in a disaster. On the basis of that discovery I have written the following document related to the loopholes in Java and poor design of application architecture. It also provides a guideline to software designers developing web-based applications.
Chitresh Sen, 11/03/2004
