Do you remember Myspace? I had all but forgotten this old social network (now music streaming site?) until I learned that anyone can hijack your Myspace account with three easily attainable pieces of information. In her blog post, a UK security expert shares how she could take over your account if she knows your name and date of birth. Watch today's video to learn more about …
Punycode Phishing – Daily Security Byte
Punycode is one of the ways to represent the Unicode character set using limited ASCII characters, and Unicode is an extended character set used to represent many other types of non-alphanumeric characters. Unfortunately, a Chinese researcher found vulnerabilities in the way Chrome and Firefox handle punycode that could allow attackers to create some pretty legitimate-looking …
LastPass Remote Code Execution Vulnerability
Password manager LastPass announced this morning that it had resolved two vulnerabilities in its Chrome and Firefox browser extensions. The vulnerabilities, originally reported by Google security researcher Tavis Ormandy, could have allowed an attacker to send arbitrary commands to a victim's LastPass browser extension. An attacker could exploit this flaw to fetch saved …
90s Web Insecurity – Daily Security Byte
In my demos, I often show the most basic web application vulnerabilities. For instance, I show a SQL injection in a very badly designed web login interface. I use this particular example because I think it's relatively easy for non-security and less technical people to understand. The thing is, web applications and SQL injection have both evolved well beyond this old-school …
Phishing for Valentines of Facebook
When I logged into Facebook on Saturday morning to view information about an upcoming event, I found my feed was flooded with identical posts from many different, unrelated friends. Each post followed the same template of poorly worded English followed by a link in the comments. Being the curious researcher that I am, I loaded up an analysis VM, logged into a fake Facebook …