Et Cetera

Tue 21 Jul

Crawling Ajax-driven Web 2.0 Applications

Contributed by Shreeraj Shah and restored from the old Infosecwriters.com archive.

Crawling web applications is one of the key phases of automated web application scanning. The objective of crawling is to collect all possible resources from the server in order to automate vulnerability detection on each of these resources. A resource that is overlooked during this discovery phase can mean a failure to detect some vulnerabilities. The introduction of Ajax throws up new challenges [1] for the crawling engine. New ways of handling the crawling process are required as a result of these challenges. The objective of this paper is to use a practical approach to address this issue using rbNarcissus, Watir and Ruby.

This document is in PDF format.

Tue 21 Jul

Regulations and Technologies to Reduce Breaches in Computer Networks

Contributed by Ming-Li Tabor.

From the records, there are more hackers attacking computer network systems. The systems include banks, companies, and hospitals. Millions of records were breached and billions of dollars were lost. The government regulations require data breach notification. According to Title II of the Communications Act of 1934, Internet service providers are liable to their customers. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) protects health information. Magnetic strip technology can help to reduce breaches. The methods include chip card, chip and PIN, Europay, MasterCard, Visa card (EMV), and tokenization. Some technologies provide detection of intrusion. These technologies include honeypots, Snort, and Open Source Tripwire. Honeypots collect information about the attacker’s activities. Snort is easily deployed on most nodes. Open Source Tripwire is a host-based detection system.

Tue 14 Jul

A DIY Guide for those without the patience to wait for whistleblowers

Written by Phineas Fisher. ISW is mirroring this paper for discussion. This type of work is what ISW, formerly known as SWG, was all about. Different approaches to the security world! Thank you!

I'm not writing this to brag about what an 31337 h4x0r I am and what m4d sk1llz it took to 0wn Gamma. I'm writing this to demystify hacking, to show how simple it is, and to hopefully inform and inspire you to go out and hack shit. If you have no experience with programming or hacking, some of the text below might look like a foreign language. Check the resources section at the end to help you get started. And trust me, once you've learned the basics you'll realize this really is easier than filing a FOIA request.

This document is in PDF format.

Wed 01 Jul

The 2014 Sony Pictures Hack: Theories of the Truth

Contributed by Mikal Chavez

Many users in today’s society are precarious about the topic of information security while exploring the depths of the virtual world. Fortunately, there are pre-configured layers of security provided by default via the operating system’s firewall. However, how much protection do we truly believe the manufacturers and service providers offer in terms of safeguarding our personal information?

In the content of this report, I intend to expand the recognition of newly discovered system vulnerabilities through malware insertion. These malicious tactics include cross-site scripting (XSS), embedded cookies and email spoofing used to exploit the information of a targeted user or enterprise. In doing so, my purpose is to share knowledge of the enterprise level of attack and inform best practice of disaster response methods by examining The 2014 Sony Pictures Hack.

Wed 24 Jun

Government Surveillance

Contributed by Kevin McCoy

In the beginning, the National Security Agency (NSA) was founded November 8, 1952 and headquartered at Fort George G. Meade, Maryland. The agency is tasked with collecting and processing foreign intelligence to help with military operations (“FAQs”). A primary objective of the agency has always been cryptanalysis as part of its foreign intelligence operations. The agency still seeks to collect information on foreign nations in today’s world; however, it now also concentrates its efforts on monitoring and collecting information regarding its very own citizens. This paper explores and analyzes government surveillance that has startled the nation.
