Monthly ArchivesSeptember 2008

Billy Rios, application security extraordinaire, posted commentary on Sandro Gauci’s paper entitled “Surf Jacking – HTTPS will not save you.” It’s based on an attack called “Side Jacking” that was introduced during the 2007 BlackHat conference. Essentially, this type of attack allows someone to hijack a web session which would give them access to your account on a particular website. Branden… In English please… Ok, so let’s say you make use of some stretch time that the office gives you (assuming they know about it), and head down to the coffee shop of your choice to get a nice fresh cuppa. You bring your laptop with built-in WiFi with the full intention of working on that presentation for Johnson. That ...

Cyber-Ark has released a new study (article on ars technica) suggesting that 88% of IT workers would steal data if fired. Every 88 in 100 IT employees would steal data if they were shown the door. That’s more than the 4 out of 5 dentists that recommend chewing Trident after meals! I’m not sure who they were polling, but it sure makes IT folks look like a bunch of criminals. At a minimum it does reinforce one point that often shows up in my presentations. At the end of the article, we learn that every third administrator would write down an administrative password. Administrators are often the worst offenders when it comes to breaking security policies and procedures. This is ...