Resolutions for 2006

‘Tis the time to change old habits and go for a smart new way to make your security grow.
The Expectations and Predictions from Web Application Security for year 2006 mainly focus on :
Worms and Browser Vulnerabilities
Phishing and Cross Site Scripting
Web Application Backdooring
RSS Feeds

Click on the link to view the complete details..

Enjoy the new year...

Regards,
Dharmesh Mehta

Read More

Google to buy Opera?

Google may soon announce its acquisition of browser firm Opera, if rumour is to be believed.

Pierre Chappaz, founder of Kelkoo and ex-Yahoo! Europe president, has revealed in his personal blog, Kelblog, that a "usually well informed source" has told him the buy is on the cards.

Such a move could come in response to Microsoft's latest iteration of its Internet Explorer, IE 7. Should Microsoft, for example, make a better fist of integrating its own search technology into its browser, Google could see itself losing market share.

Read More

Database Threats

• Password Compromised – same as brute force, or username/password hard-coded in code

• SQL Injection - attacker uses poorly designed input validation routines to create or alter SQL commands to gain access to unintended data or execute commands.Access with Elevated Privileges – incorrect configuration leads to access with higher-than-expected privileges

Read More

Authentication Threats

• Brute Force – attacker iterates through multiple combinations in the hope of finding a valid username/password combination
• Man in the Middle – attacker sniffs packets from the network, modifies them, and inserts them back into the network
• Session Hijacking - attacker uses authentication tokens to seize control of a legitimate user’s session while that user is logged into the application
• Session Replay - attacker captures authentication tokens (e.g. session ID, cookies) to bypass normal authentication without the legitimate user having to be logged into the application.

Microsoft
OWASP
OISSG

Read More

Will the concept of 'office' fade out?

Technology which might expedite the arrival of the next generation workplace is Personal Internet Communicator (PIC), which is an affordable consumer device designed to provide managed internet access for people in global, high-growth markets to enhance communications, entertainment and education opportunities.

The emergence of collaborative technology and tools will further reduce the need to go to office and be at your desk per se. You might be able to sit on India gate lawns and write that important mail, or might be able to present an important presentation over video conferencing while your kids enjoy their favorite ride at Appu Ghar. If this sounds like a sci-fi then wake up to reality. All this and more is likely to happen in the coming three-to-four years. In fact, IT-majors Microsoft and IBM are working hard to make this vision a reality

Details

Read More

More Windows exploits posted online

Two new pieces of computer code that could be used in cyber attacks on Windows users were posted on the web on Wednesday and Thursday.

The exploit posted on Thursday is another that could allow a remote attacker to gain complete control over a vulnerable computer. The code takes advantage of a flaw in a Windows component for transaction processing, called the Microsoft Distributed Transaction Coordinator. Microsoft addressed the flaw in security bulletin MS05-051 in October.

Read More