Cross-site scripting (XSS) is a class of vulnerabilities in web applications that involves injecting valid HTML or scripts in some form or way. XSS is a very widespread vulnerability (see OWASP Top 10) on the internet today. It is both easy to eliminate and easy to detect. It is, however, usually harder to exploit than, for example, SQL […]
Since the creation of this post, many other ways of retrieving a password have been discovered, e.g. Mimikatz, LAN Turtle & Responder, Kon-Boot and more. Norwegian newspaper claims police is lacking missing person's social media password. Today, a major newspaper, VG, announced that the progress in the of a missing person case may be set […]
Hacks that work just by changing the URL. One legit and one malicious example. Some examples require URL encoding to work (usually done automatically by the browser).
Today I decided to sign up for Microsoft security bulletin notifications, as I am working a lot in Windows environments now and it is important for us to get security patches out there as soon as possible. The list of security notifications can be accessed through 3 options (which can be found here: http://technet.microsoft.com/en-us/security/dd252948): Email RSS […]
One word. On LinkedIn there was a word game in the group “Information Security Community”. The deal was to name what you think is the single most important thing in IT security. The now over 1 year old discussion is still active and keeps popping up in my LinkedIn newsletters. While I do not agree […]
SQLMap – http://sqlmap.sourceforge.net/ SQLMap is an open source and free automatic SQL injection and database takeover tool. I’ve found it extremely useful for doing blind SQL injection, as it is normally extremely tedious work to get it done quickly. However, for this article I will only cover the enumeration function.
A friend of mine worked at the IT department of a school, and we had a talk about what consequences it may have if a laptop without disk encryption got into the wrong hands. He could not see what the big deal was if a student computer got lost, so I suggested that if he would lend me a computer from the school, I would try to see what potential risks could come out of it. The laptop I got was old, worn down and scheduled for recycling. Perfect for this scenario!