Sponsored White Papers, Webcasts, and Downloads
Additional Resources
- Web 2.0 Expo: Top ten Web hacking techniques
- A large portion of the Web 2.0 Expo attendees are focused on content. They want to create better, more engaging content for social media programs and Web engagement with their customers. But the Web and application developers behind this content need to know how to secure it. This is what...
- Tags: Technique, Web, Web 2.0, Hacking, Attacker, Attack, Clickjacking, Channel Management, Security, Marketing, Jennifer Leggio
- Blog posts 2009-04-01
- Web 2.0 Expo: Recommended sessions for social business
- It's about that time to gear up for Web 2.0 Expo (#w2e) next Tuesday through Friday at Moscone West in San Francisco. I am excited about the content that TechWeb / O'Reilly Media, Inc., has produced and I have put together the following schedule for myself. Why should you care?...
- Tags: Web, Social Media, Web 2.0, Channel Management, Internet, Marketing, Jennifer Leggio
- Blog posts 2009-03-27
- Webcam hijack demo highlights clickjacking threat
- [ UPDATE: The details are out. Lots of unresolved clickjacking issues] A security researcher in Israel has released a demo of a "clickjacking" attack, using an JavaScript game to turn every browser into a surveillance zombie. The release of the demo follows last month's...
- Tags: Webcam, Click, Web Browser, Twitter, Raff, Games, Web Browsers, Security, Personal Technology, Internet, Ryan Naraine
- Blog posts 2008-10-07
- Firefox + NoScript vs Clickjacking
- In response to my story earlier on the cross-browser Clickjacking exploit/threat, I received the following e-mail from Giorgio Maone, creator of the popular Firefox NoScript plug-in: Hi Ryan, I've seen a lot of speculation and confusion in the comments to your Clickjacking article about NoScript not...
- Tags: Mozilla Firefox, Speculation, Web Browsers, Internet, Ryan Naraine
- Blog posts 2008-09-25
- Clickjacking: Researchers raise alert for scary new cross-browser exploit
- Clickjacking: Researchers raise alert for scary new cross-browser exploitText or graphicremember there use to be a link on web pages if you wanted text only or graphics.that should be put back in placein the wild?"Zero-day" means that the exploit was being used in the wild before a patch was released...
- Tags: Web site development, Web browsers, exploit writer, Clickjacking, exploit
- Discussion threads 2008-09-25
- Clickjacking: Researchers raise alert for scary new cross-browser exploit
- [ UPDATE: See e-mail from NoScript creator Giorgio Maone on a possible mitigation ] Researchers are beginning to raise an alarm for what looks like a scary new browser exploit/threat affecting all the major desktop platforms -- Microsoft Internet Explorer, Mozilla Firefox, Apple...
- Tags: JavaScript, Web Browser, Web Browsers, Scripting Languages, Internet, Software/Web Development, Web Development, Ryan Naraine
- Blog posts 2008-09-25
- Black Hat Las Vegas Day 2
- Again, sorry for the late updates. Vegas is the kind of place that demands a lot of a person. Too many parties make it difficult to find time to blog on the conference. Pictures of the even are a bit sparse, due to consistently forgetting to bring my camera, but...
- Tags: black hat, microsoft corp., applet, image, vegas, nathan mcfeters
- Blog posts 2008-08-09
- Black Hat Sneak Preview
- Rob McMillan from IDG interviewed John Heasman and I today about the presentation we will be delivering with Rob Carter at Black Hat Vegas next week. The article has a good teaser about one of the more interesting of the many attacks we will cover, namely what we've coined...
- Tags: Black Hat, Java Applet, Web Application, Web Browser, Applet, Attack, GIFAR, Java, Programming Languages, Security, Software Development, Software/Web Development, Nathan McFeters
- Blog posts 2008-08-01
- PCI-DSS 1.1 points to outdated OWASP Top 10
- OK, I'm not going to freak out about this too bad... I've already pointed out enough problems with PCI, but I did find it morbidly entertaining. My good friend Jeremiah Grossman pictured at right blogged today about the PCI-DSS 1.1 section 6.5, which covers "prevention of common coding vulnerabilities in...
- Tags: XSS, PCI, Security, Storage, Hardware, Nathan McFeters
- Blog posts 2008-07-02
- McAfee partner isn't McAfee secure
- I was over reading Russ McRee's blog today, and I've got to say, if McAfee's HackerSafe (or whatever they're calling it now) doesn't die off soon, then he'll be able to write a novel about their trials and tribulations. Apparently, McAfee authorized distributor Winferno.com is not HackerSafe......
- Tags: McAfee Inc., Video, Russ McRee, Corporate Communications, Marketing, Nathan McFeters
- Blog posts 2008-05-20
- McAfee's HackerSafe: "Um... we go in like a super hacker"
- Updated 05/16/2008 2:00 p.m. CST: I officially have my first customer for the "Nate McFeters Safe" certification and Jeremiah Grossman and I have signed up another member for Scanless PCI, as noted security researcher Russ McRee has purchased our certifications, see http://holisticinfosec.blogspot.com. God is good and created YouTube for laughs...
- Tags: Nathan McFeters
- Blog posts 2008-05-16
- Should Microsoft start paying for vulnerabilities?
- Hackers are starting to agitate for Microsoft to start paying for information on security flaws found in its software products.The issue surfaced this week after the MSRC Microsoft Security Response Team posted a message on the sla.ckers.org message board, calling on third-party researchers to submit vulnerability information directly to Redmond...
- Tags: SECURITY, Microsoft Corp., responsible disclosure, vulnerability, hacker, software
- Blog posts 2007-03-15
- << Previous
- page 1 of 1
- Next >>
White Papers and Webcasts
A simplified IT environment isn't just less complex. It's also more reliable. Standardize on a single Linux platform with SUSE Linux Enterprise from Novell, and get the world's most interoperable Linux
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
