A lot of companies and organisations do not do password resets properly today. Here is a recipe for doing it securely. The user enters the login page. This must be loaded over HTTPS. The user clicks the “Forgot password” button. The user must then supply something unique to the user, e.g. email or username. The backend […]
Today I received the following message from a LinkedIn contact: Greetings, I hope all is well with you, please review this recommendation for an investment opportunity which am considering a partnership with you if you’re interested. I hope that the reasons for this investment, which are alluded to in more details in the enclosed document( […]
I was privileged enough to be interviewed on Norwegian breakfast TV Saturday morning. The reporter had asked me to try to hack his Facebook account the day before. Do you think he regrets his decision? Here is the clip: – Norwegian (original): www.tv2.no/v/867173/ – English: https://www.youtube.com/watch?v=JhMpjSiqq5s (turn on subtitles)
I’ve just released a blog post over at SANS pen-testing blog. Check out my latest article there: http://pen-testing.sans.org/blog/pen-testing/2014/12/04/cross-site-scripting-through-file-metedata It contains details on using metadata as an attack vector, and using these techniques to metadata bomb documents to find zero-days. I hope you enjoy it.
Go, go, go… Install this ASAP for a quick and immediate patch.
Venn diagrams are often over-used; however, in this scenario they are a truly perfect fit for explaining SQL joins. If you ever wonder how a join works or which join you should use, take a look at this picture. Credits to CL Moffatt for creating this picture: http://www.codeproject.com/Articles/33052/Visual-Representation-of-SQL-Joins
I am very surprised that people, still today, do not have sufficient knowledge of the existence of password managers. They make IT life so much easier for us! Think about what we security people are preaching: “You need to have a unique password for every single account”. That’s a pretty rough demand, especially if the password […]
I’ve just done a video demonstration for SANS Spectacular Pentest Video Contest. I hope you enjoy it!
Security seems to be, for many, the idea of keeping everything clinically clean, not getting hacked and never introducing new risk into the equation. Well, guess what: there’s no such thing as clinically clean in security, and I hate to break it to you, but IT security is about minimizing loss and reducing risk. It […]