Papers
Hacking at a glance
In the past 2 years, client side attacks such as XSS and CSRF have been on the increase. In a presentation I gave at OWASP a short time ago I discussed what I called the Attack Renaissance, where attacks move toward breaking-in via client-side holes rather then traditional server-side vulnerabilities; however, there is more to [...]
Auditing BlackBerry Enterprise Server
A couple days ago I had to have a look into vulnerabilities associated with Blackberrys – see my post "Blackberry Insecurities".
While its fresh in my mind, I’ll discuss some brief security strategies and techniques supported by BES (Blackberry Enterprise Server).
Blackberry security at the enterprise level should include (at minumum):
Good Design & Architecure
A Strong BlackBerry IT [...]
Blackberry Insecurities
I’ve heard alot about hacking BlackBerry devices via Blackjacking. It was big news late last year, but was it really big news? I wanted to get down to the facts and the real risks involved.
If you don’t already know, Blackberry’s are awesome little "dinky" mobile computers that many companies use to connect their offices via [...]
The Generic XSS Worm
I released an article on GNUCitizen today around XSS engines and worm propogation techniques. In this article I discuss 3 XSS Engine types:
Scrape;
Specific; and
Generic XSS Worms
If you haven’t already checked it out, I would recommend the read.
Ad-Jacking Affiliate Anchor Tags
This article is part of my concept Ad-Jacking: XSSing for Fun and Profit.
Attacks of the future may utilise Web 2.0 and XSS to propogate worms for profit. The most obvious way to do this is via Ad-Jacking, a term I coined for a category of attacks that utilise a combination of XSS, JSON services and [...]
