Best of this Week Summary 05 August - 12 August 2007
- A bunch of tips on branching and merging in Subversion (svn).
- There was quite a lot of security-related news this week. Check this good short overview of what happened at Black Hat 2007.
At the conference it was shown that many Web 2.0 sites are making the same mistakes as were made in Web 1.0. For example:
- Improper use of cookies, e.g. letting a session cookie alone authorise a state-changing request, which enables CSRF (the browser attaches the cookie to a request forged by another site).
- Putting business logic (validation, pricing, access checks) only in the JavaScript client, where the user can read, alter or bypass it, instead of enforcing it on the server.
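Both mistakes are easiest to see side by side with their fixes. The following is an added example written for this summary, not code from the conference or from any site discussed; the session store, the secret key, the catalogue prices and the request shape are all constructed for illustration. It shows a cookie-only "transfer" endpoint that a forged cross-site POST passes, the same endpoint with a session-bound synchronizer token, and a checkout that trusts a client-computed total next to one that recomputes it on the server:

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Hypothetical server-side state, constructed for this example.
SECRET_KEY = secrets.token_bytes(32)      # per-deployment secret used to derive CSRF tokens
SESSIONS = {"sess-alice": "alice"}        # session cookie value -> logged-in user
PRICES = {"book": 20.0, "pen": 2.0}       # server-side catalogue: the only trusted prices


@dataclass
class Request:
    """Minimal HTTP request. The browser attaches cookies automatically, so a
    POST forged by an attacker's page still carries the victim's session cookie."""
    cookies: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)


def current_user(req: Request) -> Optional[str]:
    return SESSIONS.get(req.cookies.get("session", ""))


def csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session and embedded in the site's own
    forms. A page on another origin cannot read it (Same Origin Policy), so it
    cannot be included in a forged request."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


# --- Mistake 1: cookie-only authorisation of a state-changing request (CSRF) ---

def transfer_vulnerable(req: Request) -> Tuple[int, str]:
    user = current_user(req)
    if user is None:
        return 401, "not logged in"
    # The cookie proves who the browser is logged in as, not that the user
    # intended this request; any site can make the browser submit it.
    return 200, f"{user} sent {req.form['amount']} to {req.form['to']}"


def transfer_hardened(req: Request) -> Tuple[int, str]:
    user = current_user(req)
    if user is None:
        return 401, "not logged in"
    expected = csrf_token(req.cookies["session"])
    supplied = req.form.get("csrf", "")
    if not hmac.compare_digest(supplied, expected):   # constant-time comparison
        return 403, "missing or invalid CSRF token"
    return 200, f"{user} sent {req.form['amount']} to {req.form['to']}"


# --- Mistake 2: business logic (here, pricing) only in the JavaScript client ---

def checkout_vulnerable(req: Request) -> Tuple[int, float]:
    # Trusts the total that client-side JavaScript computed and posted back.
    return 200, float(req.form["total"])


def server_total(items: str) -> float:
    """Recompute the price from the server-side catalogue. `items` is the
    constructed form field format "name=qty,name=qty"."""
    total = 0.0
    for pair in items.split(","):
        name, qty_text = pair.split("=")
        qty = int(qty_text)
        if qty < 0:
            raise ValueError("negative quantity")
        total += PRICES[name] * qty          # KeyError for items not in the catalogue
    return total


def checkout_hardened(req: Request) -> Tuple[int, float]:
    try:
        total = server_total(req.form["items"])
    except (KeyError, ValueError):
        return 400, 0.0
    return 200, total


if __name__ == "__main__":
    sid = "sess-alice"
    # Forged request from an attacker's page: session cookie present, token absent.
    forged = Request(cookies={"session": sid}, form={"to": "mallory", "amount": "100"})
    print(transfer_vulnerable(forged))   # attack succeeds
    print(transfer_hardened(forged))     # rejected
    legit = Request(cookies={"session": sid},
                    form={"to": "bob", "amount": "10", "csrf": csrf_token(sid)})
    print(transfer_hardened(legit))
    # Client-side JavaScript priced 2 books and 3 pens, then the user edited the total.
    tampered = Request(cookies={"session": sid},
                       form={"items": "book=2,pen=3", "total": "0.01"})
    print(checkout_vulnerable(tampered), checkout_hardened(tampered))
```

The token is derived from the session id with an HMAC rather than stored, which keeps the example stateless; a per-request random token stored in the session works the same way. Note that the hardened checkout does not need the client's `total` at all: anything the JavaScript computes is at most a hint for display.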
If you want to dive into some more low-level security details, here's a presentation from the conference (Dan Kaminsky's "Black Ops 2007" talk) which covers three security issues. It gives ways to exploit them and ways to prevent and/or detect them:
- DNS rebinding against the browser's Same Origin Policy (also known as cross-IP scripting or TCP relaying). An attacker's page first resolves to the attacker's server and then, after a very short TTL, to an internal address; the browser treats both as the same origin, so the attacker's script can reach hosts on your internal network through your browser, bypassing your firewall.
- Provider hostility, i.e. Internet providers modifying the content of web pages you visit while it is in transit.
- Audio CAPTCHAs, which are "speech, distorted and overlaid with a quieter speech", and how they can be broken.
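Two defences against DNS rebinding are commonly given: filter, at the resolver, answers that map an external name onto the internal address space, and have internal HTTP services check the Host header, because after a rebind the browser still sends the attacker's hostname there. The following is an added example written for this summary, not code from the presentation; the internal name suffix, the service's allowed hostnames and the DNS answers are all constructed for illustration:

```python
import ipaddress
from typing import Dict, List, Tuple

# Hypothetical: the only names permitted to resolve to internal addresses.
INTERNAL_NAME_SUFFIXES = (".corp.internal",)

# Hypothetical: the names and addresses an internal HTTP service answers to.
ALLOWED_HOSTS = {"printer.corp.internal", "10.0.0.25"}

# Constructed DNS answers as (name, ttl_seconds, address). The second and third
# are what a rebinding attack looks like from the resolver's point of view: an
# external name with a zero TTL that is switched to an internal address once the
# victim's browser has loaded the attacker's page.
SAMPLE_ANSWERS = [
    ("www.example.com", 300, "93.184.216.34"),
    ("attacker.example", 0, "192.168.1.10"),
    ("attacker.example", 0, "127.0.0.1"),
    ("printer.corp.internal", 3600, "10.0.0.25"),
]


def is_internal_address(addr: str) -> bool:
    """True for RFC 1918, loopback, link-local and unspecified addresses (v4 or v6)."""
    ip = ipaddress.ip_address(addr)
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified


def is_internal_name(name: str) -> bool:
    return name.lower().rstrip(".").endswith(INTERNAL_NAME_SUFFIXES)


def filter_dns_answer(name: str, ttl: int, addr: str) -> Tuple[bool, str]:
    """Resolver-side check: refuse answers that point an external name at the
    internal address space, so the rebind never reaches the browser."""
    if is_internal_address(addr) and not is_internal_name(name):
        return False, f"{name} -> {addr}: external name resolving to internal address"
    return True, "ok"


def filtered_answers(answers: List[Tuple[str, int, str]]) -> List[Tuple[str, int, str]]:
    return [a for a in answers if filter_dns_answer(*a)[0]]


def check_host_header(headers: Dict[str, str]) -> bool:
    """Server-side check for an internal service. A request relayed through a
    rebound browser arrives with Host: attacker.example, not one of our names,
    so it is rejected even if the resolver did no filtering at all."""
    host = headers.get("Host", "").split(":", 1)[0].strip().lower()  # drop :port
    return host in ALLOWED_HOSTS


if __name__ == "__main__":
    for answer in SAMPLE_ANSWERS:
        print(answer, filter_dns_answer(*answer))
    # What the internal printer's web interface would see from a rebound browser
    # versus from a legitimate intranet user.
    print(check_host_header({"Host": "attacker.example"}))
    print(check_host_header({"Host": "printer.corp.internal:8080"}))
```

The two checks are independent: the resolver filter protects every client behind it but cannot help a laptop using an outside resolver, while the Host check protects one service wherever the request came from. The Host parsing above does not handle bracketed IPv6 literals; a real service would use its framework's host-matching instead.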