rsnake

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

RSnake picks on Google Health... yes, Google wants your medical records, too!

RSnake picks on Google Health... yes, Google wants your medical records, too!They'll have to pry them off of my cold, dead fingersHow much do you want to bet I won't even notice? Or even have a say in the matter. :(It's bad enough Microsoft wants to take over the world....

Tags: Vertical industries, Google Inc., RSnake, Google Wants, Google Health, medical record, health care

Discussion threads 2008-05-22

RSnake picks on Google Health... yes, Google wants your medical records, too!

Interesting article from Robert "RSnake" Hansen yesterday on one of Google's new innovations, the Google Health application.  Yeah, imagine that, Google wants to own the content of your medical records, too!  You'd think that Google would want to avoid this due to HIPPA complications, as this is a true example of...

Tags: Google Inc., Health Care, Medical Record, RSnake, Hipaa, Vertical Industries, Benefits, Healthcare, Regulatory Compliance, Security, Regulations, Government, Enterprise Software, Software, Human Resources, Policies And Procedures, Nathan McFeters

Blog posts 2008-05-22

Additional Resources

Google Chrome vulnerabilities starting to pile up

[ UPDATE: See below for Google's official response to these issues ] Security vulnerabilities in the new Google Chrome browser are beginning to pile up. Following our coverage of the carpet bombing combo threat and denial-of-service crashes, several readers have sent pointers to...

Tags: Google Inc., Vulnerability, Web Browser, Google Chrome, ModSecurity, Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2008-09-05

2008 Pwnie Award nominees announced

Well, after getting 134 nominations, and spending countless hours pulling out nominees, the judges for the 2008 Pwnie Awards have announced the final nominees to be voted on.  From the site: The final list of nominees for the nine Pwnie Award categories is ...

Tags: Attack, Flaw, Lifelock, Nathan McFeters, Nominee, Security, Vulnerability, XSS, XSS Flaw

Blog posts 2008-07-21

News to know: Windows 7; Google's Safe browsing; Perlow's spine

Notable headlines: Ed Bott: How much do you need to know about Windows 7 today? Dancho Danchev: Google introducing Safe Browsing diagnostic to help owners of compromised sites Nate McFeters: More Snake Oil: LifeLock spokesperson's stolen id leads to law suits Jason...

Tags: Google Inc., Microsoft Windows 7, Apple Inc., Microsoft Corp., OpenDocument Format, Twitter, OpenDocument Format (ODF), Microsoft Windows, Linux, Operating Systems, Emerging Technologies, Software, Larry Dignan

Blog posts 2008-05-23

Patches in ten f***ing days? Not really, says Mozilla

Mozilla has moved swiftly to put the kibosh on late-night chatter that it can turn around patches for security flaws within ten days.The "ten f-ing days" boast came directly from Mozilla Director of Ecosystem Development Mike Shaver during a Black Hat party conversation with hacker Robert "RSnake" Hansen.We showed up,...

Tags: Security, Patch Management, Mozilla Corp., Ryan Naraine

Blog posts 2007-08-06

Firefox raises barrier to cross-site scripting attacks

Mozilla has quietly fitted a new security feature into the latest Firefox update, adding the ability for the browser to prevent cross-site scripting attacks.The change, which was not officially announced, implements httpOnly cookies in Firefox 2.0.0.5, the most recent refresh of the open-source browser.Web application security experts are welcoming the...

Tags: Zero-day attacks, Windows Vista, Wi-Fi security, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Passwords, Open source, Mozilla, Microsoft, Hackers, Google, Firefox, Exploit code, Digital rights management, Data theft, Browsers, Botnets, Apple

Blog posts 2007-07-19

Beware of that man between you and your Google Desktop

Last month, I wrote a piece about Robert Hansens Mr-T (Master Recon-Tool), a powerful tool that harvests data leaking out of Web browsers. In the post, I talked about how these types of reconnaissance tools could be combined with sniffers and information from vulnerability databases to lay the groundwork...

Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Passwords, Open source, Mozilla, Metasploit, Hackers, Google, Firefox, Exploit code, Digital rights management, Data theft, Browsers, Botnets

Blog posts 2007-06-01

Unprotected Google directory spills database data

Google has hurriedly fixed a gaping hole in its Web page removal request tool after outsiders discovered they could traverse up the directory root, browse folders and find weak database passwords.The flaw, first reported by Earl of Grey's blog, exposed an unprotected internal Google directory. The Hacker Webzine...

Tags: Botnets, Browsers, Data theft, Exploit code, Google, Hackers, Metasploit, Mozilla, Open source, Passwords, Patch Watch, Pen testing, Privacy, Vulnerability research, Zero-day attacks

Blog posts 2007-05-31

'Month of bugs' spotlight hits search engines

A Ukranian hacker known as "Mustlive" has announced plans for a Month of Search Engine Bugs project in June 2007.[The] purpose of this Month of Bugs is a demonstration of real state with security in search engines, which are the most popular sites in Internet. To let users of search...

Tags: Apple, Botnets, Browsers, Data theft, Exploit code, Google, Hackers, McAfee, Metasploit, Microsoft, Open source, Passwords, Patch Watch, Pen testing, Responsible disclosure, Viruses and Worms, Vulnerability research, Zero-day attacks

Blog posts 2007-05-18

Do you know what's leaking out of your browser?

Information seeping out of your Web browser could provide a gold mine for hackers doing reconnaissance for targeted attacks.At the ToorCon Seattle beta conference, Web application security specialist Robert Hansen RSnake demoed Mr-T (Master Recon-Tool), a new utility that combines information disclosure flaws in Internet Explorer and Firefox to collect...

Tags: Firefox, Exploit code, Data theft, Browsers, Botnets, Black Hat, Google, Hackers, Metasploit, Microsoft, Open source, Passwords, Patch Watch, Pen testing, Privacy, Responsible disclosure, Spam and Phishing, Spyware and Adware, Vulnerability research, Wi-Fi security, Zero-day attacks

Blog posts 2007-05-14

Hackers in Seattle for Microsoft's Blue Hat, ToorCon

White hat hackers have descended on Seattle for two semi-private security conferences where new attack and exploitation techniques are being discussed.The first is the Spring 2007 edition of Microsofts Blue Hat Security Briefings where researchers are invited to Redmond "to share knowledge and to educate and help protect customers against...

Tags: Botnets, Browsers, Data theft, Digital rights management, Exploit code, Hackers, McAfee, Metasploit, Microsoft, Passwords, Patch Watch, Pen testing, Punditocracy, Responsible disclosure, Viruses and Worms, Vulnerability research, Wi-Fi security, Windows Vista, Zero-day attacks

Blog posts 2007-05-10

Beware of data seepage on Google Calendar

If you use Google Calendar to set up corporate meetings or private conference calls, you might want to be careful about how that data is available to the rest of the world.Heres an example of the kind of information that leaks out via Google Calendars public search feature:Go to Google...

Tags: Firefox, Exploit code, Data theft, Browsers, Vulnerability research, Responsible disclosure, Privacy, Hackers, Google

Blog posts 2007-04-18

JavaScript bug-hunting tool leaks out

The source code for Billy Hoffman's Jitko has leaked out onto the Internet.Hoffman was due to release the code for the JavaScript bug hunting tool at SchmooCon last month but after "higher-ups" and Spi Dynamics "change their minds," the tool was withheld from attendees.Now, Hoffman confirms that the code has...

Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Responsible disclosure, Pen testing, Open source, Hackers, Google, Exploit code, Data theft, Browsers, Botnets

Blog posts 2007-04-02

Punditry: Will Microsoft buy flaws?

Last week, I wrote about hackers starting to agitate for Microsoft and other software vendors to start paying for information on security vulnerabilities. As a follow-up to that post, I pinged a few security research pros, asking whether they agreed its inevitable will start buying bugs. The responses: Dan...

Tags: Microsoft Corp., vulnerability, security

Blog posts 2007-03-19