Compression Ratio Info-leak Made Easy (CRIME) attack: In the previous section we saw how the Chosen Plain-text attack was used to weaken the SSL/TLS protocol. In this section we look at another attack on the SSL/TLS protocol. The attack was presented by Juliano Rizzo and Thai Duong; same pair of researchers who demonstrated BEAST attack. […]

Recently there has been a lot of news about a new SSL/TLS based attacks which was demonstrated in this year’s BlackHat conference. The attack was on SSL/TLS and was dubbed BREACH attack. The attack targeted sensitive data being transmitted in HTTP responses. In this article we will explore the BEAST attack as well as two […]

Overview: In this following test, I wanted to see whether I was able to view personal details of some other person who was not in my connection list on LinkedIn. By default, LinkedIn doesn’t allow you to view the contact details of the person who is not in your connections list. Let us dig deeper […]

It is a common technique for criminals to target gaming applications as a propagation vector for malware distribution. Recently, I observed just such a malicious Android app, which acted as an interesting information stealer and then self-destructed. I took this case to investigate further as an interesting research.

Introduction Digital forensics methods are often used to uncover evidence from electronic devices to get information and verify validity of insurance claims. This is crucial in order to establish arson, insurance fraud, wrongful death, etc. These methods and techniques greatly assist insurance investigators in uncovering any digital evidence which could be accessible, password-protected, recently deleted, […]

Web Application security has become the biggest concern for almost all organizations who wish to bring their business to the Internet. There are various reasons behind why we are still unable to fix issues like SQL Injection, Cross-Site Scripting etc. These range from developer complacency, lack of knowledge about the security issues, lack of management […]

Recently “watering hole attacks” are getting popular among the hacking groups for targeting large groups of victims who routinely visit a popular website or discussion forum to share or discuss on common interests. Technically, these attacks work by tricking people to click on a “popular link” which is actually a window to download various malicious […]

What is Information Rights Management? Information Rights Management is the set of techniques and methods which protect the highly sensitive information of the organization irrespective of the file location whether it resides “in” or “outside” the corporate boundaries. This happens as the permissions embedded inside the file don’t allow unauthorized access, modification, copying or printing. […]

What is Data Leakage Prevention? Data Leakage Prevention is the category of solutions which help an organization to apply controls for preventing the unwanted accidental or malicious leakage of sensitive information to unauthorized entities in or outside the organization. Here sensitive information may refer to organization’s internal process documents, strategic business plans, intellectual property, financial […]

I was reading the Joomla Update, http://developer.joomla.org/security/news/563-20130801-core-unauthorised-uploads A bug in Joomla Core and having the criticality is always awesome to see 🙂 I decided to give the bug a look to see what the actual problem was. I looked at the diffs (changes made) to the latest version 2.5.14 https://github.com/joomla/joomla-cms/commit/fa5645208eefd70f521cd2e4d53d5378622133d8 From the commits, there are […]