From User: Acidus

Current Topic: Computer Security

SPI Labs advises avoiding iPhone feature
Topic: Computer Security 6:47 pm EDT, Jul 16, 2007

The Apple iPhone’s Safari web browser has a special feature that allows the user to dial any phone number displayed on a web page simply by tapping the number. SPI Labs has discovered that this feature can be exploited by attackers to perform various attacks, including:

* Redirecting phone calls placed by the user to different phone numbers of the attacker’s choosing
* Tracking phone calls placed by the user
* Manipulating the phone to place a call without the user accepting the confirmation dialog
* Placing the phone into an infinite loop of attempting calls, through which the only escape is to turn off the phone
* Preventing the phone from dialing



Wired: 27B Stroke 6- Billy Hoffman on Ajax Security at RSA
Topic: Computer Security 3:53 pm EST, Feb  8, 2007

The best conference presenters have a story to tell, and this morning, Billy Hoffman -- the lead researcher at Web application security company SPI Dynamics, had a great story to tell Wednesday morning at the RSA security conference about how all your favorite new Web 2.0 applications are a boon to criminals.

27B Stroke 6 covered Billy's talk at the RSA security conference.

Billy rocks.



Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript
Topic: Computer Security 6:16 pm EDT, Jul 27, 2006

Or: How Acidus [*] learned how to port scan company intranets using JavaScript!

Imagine visiting a blog on a social site like MySpace.com or checking your email on a portal like Yahoo’s Webmail. While you are reading the Web page, JavaScript code is downloaded and executed by your Web browser. It scans your entire home network, detects and determines your Linksys router model number, and then sends commands to the router to turn on wireless networking and turn off all encryption. Now imagine that this happens to 1 million people across the United States in less than 24 hours.

This scenario is no longer one of fiction.

You can visit the proof of concept page he created and test drive it now.

This is really, really, really scar^H^H^H^H cool!



The Eternity Service
Topic: Computer Security 11:21 am EDT, Oct  1, 2005

Acidus says:

I've been doing quite a bit of work on anonymously and permanently publishing information on top of existing webservices (often without the service's knowledge/consent).

I thought I'd meme the granddaddy work on the subject: Ross Anderson's Eternity Service paper. A must-read about using the fragmented nature of USENET to overlay a hypertext-based layer where things can never be unsaid.

One of the best computer security papers of all time...



 
 