December, 2009

Concerned about security? Then pay attention.

CompTIA on Cybersecurity

Todd was featured on WGN Midday News today giving some tips on how to keep your mobile devices and information safe while travelling this holiday season. The CompTIA President and CEO urged travelers to keep their devices password-protected and to use secure connections. But “the overwhelming biggest security risk is just people not paying attention,” Thibodeaux told anchor Steve Sanders.

Generic cross-browser cross-domain theft

Scary Beasts Security

Well, here's a nice little gem for the festive season. I like it for a few distinct reasons: It's one of those cases where if you look at web standards from the correct angle, you can see a security vulnerability specified. Accordingly, it affected all 5 major browsers. And likely the rest. You can still be a theft victim even with plugins and JavaScript disabled!

Cross-domain search timing

Scary Beasts Security

I've been meaning to fiddle around with timing attacks for a while. I've had various discussions in the past about the significance of login determination attacks (including ones I found myself) and my usual response would be "it's all moot -- the attacker could just use a timing attack". Finally, here's some ammo to support that position. And -- actual cross-domain data theft using just a timing attack, as a bonus.

Bypassing the intent of blocking "third-party" cookies

Scary Beasts Security

[Aside: I'm not sure anyone cares, particularly because the "block third party cookies" option tends to break legitimate web sites. But I'll document it just in case :)] Major browsers tend to have an option to block "third-party" cookies. The main intent of this is to disable tracking cookies used by iframe'd ads. It turns out that you can bypass this intent by abusing "HTML5 Local Storage".

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.