Archive for February, 2007

7

Phishing with Text Messaging

Posted by dk
February 23, 2007

A friend of mine came and showed me a text message she had received around Valentines day. The message was titled “b my valentine”, followed by a web link to http://69844.cc/wp/md2.aspx?m=someid.

We have obviously heard of mobile worms and viruses, but it made me think around phishing attacks using text messages. The general public are alot [...]

0

Trusted Browser Security Model

Posted by dk
February 22, 2007

This paper includes some of my thoughts (’request for comments’) regarding minimizing the affects of client-side related browser attacks using the Trusted Computing Solution. It includes some of my initial thoughts.

Restrictions & Limitations: The semantic web is a security nightmare and certainly will not agree with these ideas. Right lets get on with it..brainstorming…

As always [...]

0

XSS a shadow of things to come

Posted by dk
February 7, 2007

I have been fascinated by Guninski’s work. I feel he fathered client-side attack vectors, laying the foundation for what we see today. We will come back to this in a minute.

Its an interesting question and one that I have thought quite alot about:
“What can one actually do with XSS?”

At the moment XSS attack vectors seem [...]

3

JavaScript Speed Wars

Posted by dk
February 5, 2007

This post isn’t really security related or is it?

Sean Patrick Kane wrote a JavaScript speed tester which I thought was really cool. It performs and times the following tests:

Try/Catch with errors
Layer movement
Random number engine
Math engine
DOM speed
Array functions
String functions
Ajax declaration

The results were that Opera whipped Firefox and IE hands down. Sean does mention that these results [...]