NSA Directorates

An earlier post made the point that security problems can come from subdivisions of an organization pursuing incompatible goals. In the Cold War, for example, lack of coordination between the CIA and the State Department allowed the KGB to identify undercover agents. The Guardian reports that the NSA is reorganizing to address this issue. Previously, its off
Publish At:2016-02-05 19:20 | Read:2485 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

Top 10 Web Hacking Techniques of 2015

With 2015 coming to a close, the time comes for us to pay homage to top tier security researchers from the past year and properly acknowledge all of the hard work that has been given back to the infosec community. We do this through a nifty yearly process known as The Top 10 Web Hacking Techniques. Every year the security community produces a stunning number
Publish At:2016-01-12 16:40 | Read:2319 | Comments:0 | Tags:Technical Insight Tools and Applications Vulnerabilities Web

HTTP Methods

Much of the internet operates on HTTP, Hyper Text Transfer Protocol. With HTTP, the user sends a request and the server replies with its response. These requests are like the pneumatic tubes at the bank — a delivery system for the ultimate content. A user clicks a link; a request is sent to the server; the server replies with a response; the response h
Publish At:2015-12-30 03:10 | Read:4918 | Comments:0 | Tags:Technical Insight Tools and Applications Vulnerabilities Web

“Insufficient Authorization – The Basics” Webinar Questions – Part I

Recently we offered a webinar on a really interesting Insufficient Authorization vulnerability: a site that allows the user to live chat with a customer service representative updated the transcript using a request parameter that an attacker could have manipulated in order to view a different transcript, potentially giving access to a great deal of confidentia
Publish At:2015-12-12 01:10 | Read:2952 | Comments:0 | Tags:Technical Insight Tools and Applications True Stories of the

The Ad Blocking Wars: Ad Blockers vs. Ad-Tech

More and more people find online ads to be annoying, invasive, dangerous, insulting, distracting, expensive, and just understandable, and have decided to install an ad blocker. In fact, the number of people using ad blockers is skyrocketing. According to PageFair’s 2015 Ad Blocking Report, there are now 198 million active adblock users around the world with
Publish At:2015-12-03 00:10 | Read:2696 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

“Crash Course – PCI DSS 3.1 is here. Are you ready?” Part II

Thanks to all who attended our recent webinar, “Crash Course – PCI DSS 3.1 is here. Are you ready?”. During the stream, there were a number of great questions asked by attendees that didn’t get answered due to the limited time. This blog post is a means to answer many of those questions. Still have questions? Want to know more about
Publish At:2015-12-01 12:00 | Read:2733 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

URLs are content

Justifications for the federal government’s controversial mass surveillance programs have involved the distinction between the contents of communications and associated “meta-data” about those communications. Finding out that two people spoke on the phone requires less red tape than listening to the conversations themselves. While “
Publish At:2015-11-30 17:55 | Read:3178 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

Complexity and Storage Slow Attackers Down

Back in 2013, WhiteHat founder Jeremiah Grossman forgot an important password, and Jeremi Gosney of Stricture Consulting Group helped him crack it. Gosney knows password cracking, and he’s up for a challenge, but he knew it’d be futile trying to crack the leaked Ashley Madison passwords. Dean Pierce gave it a shot, and Ars Technica provides some context. A
Publish At:2015-08-31 12:50 | Read:1657 | Comments:0 | Tags:Technical Insight Tools and Applications Vulnerabilities Web

Conspiracy Theory and the Internet of Things

I came across this article about smart devices on Alternet, which tells us that “we are far from a digital Orwellian nightmare.” We’re told that worrying about smart televisions, smart phones, and smart meters is for “conspiracy theorists.” It’s a great case study in not having a security mindset. This is what David Petraeus said about the Internet of Things
Publish At:2015-08-14 15:55 | Read:2052 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

Security Pictures

Security pictures are being used in a multitude of web applications to apply an extra step in securing the login process. However, are these security pictures being used properly? Could the use of security pictures actually aid hackers? Such questions passed through my mind when testing an application’s login process that relied on security pictures to provi
Publish At:2015-08-03 17:20 | Read:1784 | Comments:0 | Tags:Tools and Applications Vulnerabilities Web Application Secur

Why is Passive Mixed Content so serious?

One of the most important tools in web security is Transport Layer Security (TLS). It not only protects sensitive information during transit, but also verifies that the content has not been modified. The user can be confident that content delivered via HTTPS is exactly what the website sent. The user can exchange sensitive information with the website, secur
Publish At:2015-07-31 01:45 | Read:2699 | Comments:0 | Tags:Technical Insight Tools and Applications Vulnerabilities Web

#HackerKast 43: Ashley Madison Hacked, Firefox Tracking Services and Cookies, HTML5 Malware Evasion Techniques, Miami Co

Hey Everybody! Welcome to another HackerKast. Let's get right to it! We had to start off with the big story of the week which was that Ashley Madison got hacked. For those of you fortunate enough to not know what Ashley Madison is, it is a dating website dedicated to members who are in relationships and looking to have affairs. This breach was a twist from m
Publish At:2015-07-28 03:40 | Read:2035 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

#HackerKast 40: OPM Breach, Sourcepoint, AdBlock Plus, NSA and AV software, Adobe Flash, Chrome Listens In via Computer

Hey Everybody! Welcome to our 40th HackerKast! Thanks for listening as always and let's get to the news! Our first story to chat about this week was news bubbling up still about the recent OPM breach. This time, the news outlets are latching on to the fact that data encryption wouldn’t have helped them in this case. Jeremiah poses the question
Publish At:2015-06-27 04:20 | Read:4959 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

Magic Hashes

For more than the last decade, PHP programmers have been wrestling with the equals-equals (==) operator. It’s caused a lot of issues. This has a particular implication for password hashes. Password hashes in PHP are base16 encoded and can come in the form of “0e812389…”. The problem is in == comparison the 0e means that if the followi
Publish At:2015-05-11 12:35 | Read:3539 | Comments:0 | Tags:Tools and Applications Vulnerabilities Web Application Secur

#HackerKast 31: RSA San Francisco

We have a special and rare treat this week on HackerKast: Jeremiah, Matt and Robert all together in San Francisco for RSAC. They give a brief overview of some of the interesting conversations and topics they’ve come across. A recurring topic in conversations with Robert is about how DevOps can improve security and help find vulnerabilities faster. Matt men
Publish At:2015-04-24 08:35 | Read:2038 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio