technology

This tag is associated with 12 posts

The Certification Authority Mafia – is ISC2 CISSP Part of It?

Hi, my name is Pythorian and I have been a paid hacker since 1998. I am certified by Microsoft and Cisco for various things, but to be honest, I don’t keep up on all of these newfangled certifications. Every time I turn around I am renewing a cert or finding a new one on … Continue reading

Dynamic Post of Login Form from PHP

When you write a lot of bots for different people and projects, sometimes it can be a huge help to not have to worry about the little things. Writing a routine to emulate user login is one of my greatest annoyances. With that in mind, I wrote this a few months back. Dynamic Post of … Continue reading

Backtrace Security just invited me to speak at a conference in Miami

First of all, a big thank you to Hubris of Backtrace Security for the invite. I always enjoy sharing my knowledge and it is always an honor to be thought of as a guest speaker! Hubris works a lot in RF so I thought that something along those lines would be a good topic for … Continue reading

Port 4567 on Centurylink and Verizon

Little disturbed buzz about 4567 over the last day or two as a few newfags realized that 4567 is open to the world. Well how exactly did you expect that your DSL tech support can tell whether or not your modem is working properly and run speed tests on the link? MAGIC?? 4567 is registered … Continue reading

Mass Social Network Ease of Use Vulnerability: Pt 4 MySpace

Disclosure of usernames has long been considered a security vulnerability of equal importance as a password. Security experts recommend avoiding the use of admin and root as usernames, and we can even see that practice taken to heart with leaks like Gawker. Administrators and users especially consider the password the only part that of the … Continue reading

Mass Social Network Ease of Use Vulnerability: Pt 3 Scribd

Disclosure of usernames has long been considered a security vulnerability of equal importance as a password. Security experts recommend avoiding the use of admin and root as usernames, and we can even see that practice taken to heart with leaks like Gawker. Administrators and users especially consider the password the only part that of the … Continue reading

Mass Social Network Ease of Use Vulnerability: Pt 2 Twitter

Disclosure of usernames has long been considered a security vulnerability of equal importance as a password. Security experts recommend avoiding the use of admin and root as usernames, and we can even see that practice taken to heart with leaks like Gawker. Administrators and users especially consider the password the only part that of the … Continue reading

Detecting Steganography in JPG Images

If you read my article on using MITM attacks on Tor, you might be wondering about practical purposes other than stealing passwords and personal information. The fact is that I have no interest whatsoever in targeting specific people. I do what I do for 2 reasons: I find the synergy and flow of data sexy, … Continue reading

An Introduction to Steganography aka Stenography

What is Steganography? Steganography is the art and science of hiding that communication is happening. Classical steganography systems depend on keeping the encoding system secret, but modern steganography is detectable only if secret information is known, e.g. a secret key. Because of their invasive nature, steganography systems leave detectable traces within a medium’s characteristics. This … Continue reading

Handling unique images in SQL

I am working on a deep packet analysis problem right now and came back to an oldie but goodie that I thought I would share. A common security vulnerability with most web applications is their handling of images. Inexperienced developers will write uploaded images to disk instead of to a database. This design style allows … Continue reading