Wednesday, November 3, 2010

Reading

The information security field is always evolving... To get into the field you need a basic level of understanding. I suggest that you check out the OWASP books, which are freely available for download at lulu.com.

For starters I'd recommend "OWASP Top 10 - 2010 Edition" and then go on reading the ones you find yourself interested in.

OWASP isn't the ultimate source of information, but it's a start. You can find guidelines etc. on their site... I suggest that you check it out if you're interested in penetration testing.

be safe

Wednesday, October 27, 2010

Firesheep addon for Firefox

The news has been full of articles about the Firesheep addon for Firefox. The addon lets you listen to network traffic on an open WLAN and also makes it easy to hijack any session that:

  • works over an unsecured connection (no SSL/HTTPS)

  • relies on a session cookie

The sites whose sessions you can hijack with the default settings include:

  • Amazon.com

  • Dropbox

  • Enom

  • Facebook

  • Flickr

  • Google

  • Windows Live

  • Yahoo

  • Twitter

You can also add new sites manually.

Some of the sites log you in over a secure connection and, after the login procedure, move you to a non-secure channel to save bandwidth/processor time. So even if your credentials are secure, the session will still be hijackable.

Possible workarounds are the use of a VPN (though the network traffic will still be unencrypted between your VPN endpoint and the service) or an addon that forces the browser to use only HTTPS connections to certain sites. An example of such an addon is Force-TLS.
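The two conditions above (a session cookie that the browser will send over plain HTTP, and a login that is secured but then redirects back to HTTP) are easy to check for on the server side. The following is an added example, not code from the post or from Firesheep/Force-TLS: it audits a captured login flow for exactly those two weaknesses and shows the hardened form (Secure flag on session cookies, redirect upgraded to HTTPS). The sample exchanges, the hostname example.test and the cookie-name heuristics are all constructed for the example.

```python
"""Audit a login flow for the two weaknesses Firesheep relies on:
   1. a session cookie set without the Secure flag (sent over plain HTTP)
   2. a post-login redirect from HTTPS back to plain HTTP
Added example with constructed data; not from the original post."""

from urllib.parse import urlparse

# Constructed sample: a fictional site logs in over HTTPS, sets a session
# cookie without the Secure flag, then redirects to plain HTTP.
SAMPLE_EXCHANGES = [
    {
        "request_url": "https://www.example.test/login",
        "status": 302,
        "headers": {
            "Set-Cookie": ["sid=abc123; Path=/; HttpOnly",
                           "prefs=dark; Path=/; Secure"],
            "Location": "http://www.example.test/home",
        },
    },
    {
        "request_url": "http://www.example.test/home",
        "status": 200,
        "headers": {"Set-Cookie": ["tracking=xyz; Path=/"]},
    },
]

# Heuristic (assumption): cookie names containing these look like session cookies.
SESSION_NAME_HINTS = ("sid", "sess", "session", "auth", "token", "login")


def looks_like_session_cookie(name):
    n = name.lower()
    return any(h in n for h in SESSION_NAME_HINTS)


def parse_set_cookie(header_value):
    """Split one Set-Cookie header into (name, value, attrs).
    attrs maps lower-cased attribute names to their value, or True for bare flags."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        k, _, v = attr.partition("=")
        attrs[k.strip().lower()] = v.strip() if v else True
    return name.strip(), value, attrs


def audit_exchanges(exchanges):
    """Return a list of findings; an empty list means nothing exposed."""
    findings = []
    for ex in exchanges:
        url = ex["request_url"]
        scheme = urlparse(url).scheme
        headers = ex.get("headers", {})
        for sc in headers.get("Set-Cookie", []):
            name, _, attrs = parse_set_cookie(sc)
            if not looks_like_session_cookie(name):
                continue
            if "secure" not in attrs:
                findings.append(f"{url}: session cookie '{name}' lacks the Secure flag")
            if scheme == "http":
                findings.append(f"{url}: session cookie '{name}' set over plain HTTP")
        loc = headers.get("Location")
        if loc and scheme == "https" and urlparse(loc).scheme == "http":
            findings.append(f"{url}: redirects to plain HTTP ({loc}) after a secure request")
    return findings


def harden_exchange(ex):
    """Return a copy of one exchange with the Secure flag added to session
    cookies and any plain-HTTP redirect upgraded to HTTPS."""
    headers = dict(ex.get("headers", {}))
    cookies = []
    for sc in headers.get("Set-Cookie", []):
        name, _, attrs = parse_set_cookie(sc)
        if looks_like_session_cookie(name) and "secure" not in attrs:
            sc = sc + "; Secure"
        cookies.append(sc)
    if cookies:
        headers["Set-Cookie"] = cookies
    loc = headers.get("Location")
    if loc and urlparse(loc).scheme == "http":
        headers["Location"] = "https://" + loc[len("http://"):]
    return {**ex, "headers": headers}


if __name__ == "__main__":
    for f in audit_exchanges(SAMPLE_EXCHANGES):
        print("FINDING:", f)
    fixed = [harden_exchange(e) for e in SAMPLE_EXCHANGES]
    print("after hardening:", audit_exchanges(fixed) or "no findings")
```

The Secure flag is the server-side counterpart of Force-TLS: with it set, the browser refuses to send the cookie over plain HTTP, so a later redirect to HTTP cannot leak the session even if the site still serves some pages unencrypted.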

be safe