Security

Google Safe-Browsing and Chrome Privacy Leak

Submitted by xqus on Mon, 08/24/2009 - 19:07

Interesting reading about Google Safe-Browsing and Chrome Privacy Leak.
http://ha.ckers.org/blog/20090824/google-safe-browsing-and-chrome-privac...

Tags:

Cross-Site Scripting (XSS) in IDLogger website statistics version 7.7

Submitted by xqus on Thu, 08/13/2009 - 16:39

------------------------------------------------------------------------
Cross-Site Scripting (XSS) in IDLogger website statistics version 7.7
------------------------------------------------------------------------

Author: Audun Larsen (larsen at xqus dot com)
Date: August 13, 2009

--AFFECTED SOFTWARE--------------------------

Name: IDLogger
Version: 7.7
Website: http://www.idlogger.com

Read more

Tags:

Ditionary files

Submitted by xqus on Sat, 01/17/2009 - 18:18

Dictionary files are files containing all kinds of words excellent for brute force password attacks.
Here are my collection. Some of them made by me, and other collected around the internett.

1 comment

Tags:

Netcraft reports: 14% of SSL Certificates signed using Vulnerable MD5 Algorithm

Submitted by xqus on Sun, 01/04/2009 - 23:02

Netcraft reports that 14% of SSL Certificates are signed using md5.

Add new comment

Tags:

MD5 considered harmful - SSL to be considered broken?

Submitted by xqus on Wed, 12/31/2008 - 14:00

A team of researchers (including one Norwegian) has managed to break the technology that issues trusted certificates for secure websites (SSL). As a proof of concept they executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers.
The long, official version and the short version. Happy reading.

Add new comment

Tags:

Is security bugs just normal bugs?

Submitted by xqus on Wed, 07/16/2008 - 20:04

I just got to ask you this: Is security bugs just normal bugs? Or should they be treated special?

The reason I ask, is because of a statement made by Linus Torvalds in a discussion on the Linux kernel mailinglist just a few days ago.

So I personally consider security bugs to be just "normal bugs". I don't
cover them up, but I also don't have any reason what-so-ever to think it's
a good idea to track them and announce them as something special.

Tags:

Munin 0.8-dev released

Submitted by xqus on Fri, 03/07/2008 - 18:39

Today, I released version 0.8-dev of Munin, my PHP application firewall.

Munin 0.8-dev is available for downlod here.

Add new comment

Tags:

Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search

Submitted by xqus on Tue, 01/01/2008 - 18:07

I just posted this to Bugtraq, so I'll post it here to.

------------------------------------------------------------------------
Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search
------------------------------------------------------------------------

Author: Audun Larsen (larsen at xqus dot com)
Date: Dec 29, 2007

--AFFECTED SOFTWARE--------------------------

Name: phpWebSite
Version: 1.4.0
Release date: Dec 11, 2007

Developed by the Web Technology Group at Appalachian State University,
phpWebSite provides a complete web site content management system ( CMS ).

Tags:

PHP hash tool

Submitted by xqus on Sun, 08/26/2007 - 17:24

I often find myself in the need to create a md5/sha256 hash for various reasons. Most of the time I use Google to find a javascript tool that i can use. This is fine, but a bit inconvenient, so i decided to create a little script that can create all sorts of hashes from a string.

Tags:

phpSysInfo 2.5.4 released

Submitted by xqus on Mon, 08/20/2007 - 13:29

phpSysInfo 2.5.4 was released yesterday, to fix a security issue.

The latest release of phpSysInfo can be downloaded here.

Add new comment

Tags:

Tags

Archive

User login

Recent Comments

Search

del.icio.us bookmarks