Tejeddine Mouelhi

XSS in YouTube

7/6/2010

Even Google's famous video-sharing website YouTube is vulnerable to XSS attacks. The attack is surprisingly simple, and I wonder why it has not been tried before.
Over the last few days, hackers were able to use this vulnerability to redirect users to porn websites.
XSS attacks are very difficult to protect against. Input filtering can never be the solution. What is needed is automated tools to systematically protect against this attack.

Successful XSS attack against Apache Infrastructure

4/14/2010

Apache was hit by an attack that combined XSS and brute force. The attack was impressive: the hackers were able to take control of server machines and to obtain the logins and passwords of admin users.
The full report of the attack was published by the Apache team here.

Google under attack from China

1/14/2010

A sophisticated attack against Google came from China. It is interesting to see how this was done.
It was based on phishing and on installing malware on the victims' computers to gain access to their Gmail accounts. The victims are Chinese human rights activists, and the attackers were able to access two Gmail accounts.

Update.
A demo of the attack using the Metasploit tool can be watched here.

The first iphone worm in the wild

11/23/2009

The first worm targeting the iPhone is in the wild. I think we will hear more about new worms targeting smartphones from now on.

Is it possible to trust the compiler ?!

9/2/2009

An interesting post from the Veracode blog about trusting compilers.
To sum up, the issue is that Kaspersky and F-Secure labs published a sample of a new kind of virus that targets compilers in order to modify them so that they inject malicious code when compiling sources.
The overall approach is interesting. However, as I posted in response to the post:
It is clear that compilers cannot be trusted anymore. However, I don't think that it is hard to detect that the compiler is malicious.
A simple way would be to take a simple program, say HelloWorld, together with a trusted compiled version of it. To establish that trust, the binary code should be reviewed (this is possible, even manually, because the code is simple).
Then we compare the version produced by the compiler under test with the trusted one.
No need to go with complex binary analyses, as suggested by Chris's paper.
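
The comparison described above, sketched as an added example (it is not code from the original post). The two `python -c` one-liners are constructed stand-ins for a trusted and a tampered compiler so the harness runs without a toolchain; the check assumes the compiler under test produces deterministic output for the same source and flags.

```python
import hashlib
import subprocess
import sys
import tempfile
from pathlib import Path

# Constructed stand-ins for a real toolchain so the example runs offline:
# each "compiler" is a tiny Python program invoked as <source> <output>.
HONEST = ("import sys; s = open(sys.argv[1], 'rb').read(); "
          "open(sys.argv[2], 'wb').write(b'BIN0' + s[::-1])")
TAMPERED = HONEST + "; open(sys.argv[2], 'ab').write(b'INJECTED')"

HELLO_SRC = b'#include <stdio.h>\nint main(void){puts("Hello World");return 0;}\n'


def build(compiler_argv, source=HELLO_SRC):
    """Compile `source` with the given command prefix; return the output bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        src, out = Path(tmp, "hello.c"), Path(tmp, "hello.bin")
        src.write_bytes(source)
        subprocess.run([*compiler_argv, str(src), str(out)], check=True, timeout=60)
        return out.read_bytes()


def compare(trusted, candidate):
    """Compare a candidate build against the reviewed reference binary."""
    if hashlib.sha256(trusted).digest() == hashlib.sha256(candidate).digest():
        return {"match": True}
    # Locate the first differing byte so a reviewer knows where to look.
    offset = next((i for i, (a, b) in enumerate(zip(trusted, candidate)) if a != b),
                  min(len(trusted), len(candidate)))
    return {"match": False, "first_diff": offset,
            "size_delta": len(candidate) - len(trusted)}


def check_compiler(compiler_argv, trusted):
    """Build HelloWorld with the compiler under test and compare the result."""
    return compare(trusted, build(compiler_argv))


def demo():
    # The honest stand-in's output plays the role of the manually reviewed binary.
    trusted = build([sys.executable, "-c", HONEST])
    return (check_compiler([sys.executable, "-c", HONEST], trusted),
            check_compiler([sys.executable, "-c", TAMPERED], trusted))


if __name__ == "__main__":
    print(demo())
```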


Facebook and Twitter DDoS

8/9/2009

The two popular social networking websites (and other websites) have been targeted by distributed denial-of-service (DDoS) attacks.
The attack was against only one user, a Georgian blogger, to "keep his voice from being heard".
With millions of users connected to these social network websites, how many times will they be hit by DDoS attacks aimed at only one user account?

McAfee XSS vulnerabilities

5/28/2009

McAfee websites were found to be vulnerable to XSS. It is funny because some of these websites are certified secure by McAfee. We can wonder how they were tested.

What is new in Windows 7?

3/2/2009

If you want to know what is new in the new version of Windows, you should check this out. It lists the main changes since the beta version.

It seems MS will not change many things, except for some performance optimizations and some improvements to the interface.

Office 14 going into the cloud

2/26/2009

The next release of Office, which is expected in 2010, will be cloud-based apps, offering access to Word, Excel, etc. from the internet.

Bespin, or how to rethink code editors

2/20/2009

Cloud apps are starting to be everywhere these days.
Mozilla is releasing Bespin, an online code editor based only on HTML 5 technologies (mainly JavaScript).
You can play with it here or grab the code to see how it is done.

I think that this kind of software is very interesting. I played with it a little bit and I think that it is well done and includes some very nice features (it is pretty fast, scales well, etc.).

But still, from a security point of view, I remain pessimistic about the privacy issue. The files are stored and modified in the cloud.

    Author

    Dr. Tejeddine Mouelhi
    Expert in IT security & security/software testing
