December, 2009

article thumbnail

Concerned about security? Then pay attention.

CompTIA on Cybersecurity

DECEMBER 21, 2009

Todd was featured on WGN Midday News today giving some tips on how to keep your mobile devices and information safe while travelling this holiday season. The CompTIA President and CEO urged travelers to keep their devices password-protected and to use secure connections.But “the overwhelming biggest security risk is just people not paying attention,” Thibodeaux told anchor Steve Sanders.

Mobile 52
Mobile Passwords Risk 52
article thumbnail

Generic cross-browser cross-domain theft

Scary Beasts Security

DECEMBER 28, 2009

Well, here's a nice little gem for the festive season. I like it for a few distinct reasons: It's one of those cases where if you look at web standards from the correct angle, you can see a security vulnerability specified. Accordingly, it affected all 5 major browsers. And likely the rest. You can still be a theft victim even with plugins and JavaScript disabled!

51
51
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Trending Sources

article thumbnail

Cross-domain search timing

Scary Beasts Security

DECEMBER 11, 2009

I've been meaning to fiddle around with timing attacks for a while. I've had various discussions in the past about the significance of login determination attacks (including ones I found myself) and my usual response would be "it's all moot -- the attacker could just use a timing attack". Finally, here's some ammo to support that position. And -- actual cross-domain data theft using just a timing attack, as a bonus.

50
50
article thumbnail

Bypassing the intent of blocking "third-party" cookies

Scary Beasts Security

DECEMBER 22, 2009

[Aside: I'm not sure anyone cares, particularly because the "block third party cookies" option tends to break legitimate web sites. But I'll document it just in case :)] Major browsers tend to have an option to block "third-party" cookies. The main intent of this is to disable tracking cookies used by iframe'd ads. It turns out that you can bypass this intent by abusing "HTML5 Local Storage".

50
50
article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 

Stay Connected

Join 28,000+ Insiders by signing up for our newsletter

About
About
Editions
Editions
Topics
Powered by Aggregage | Terms and Conditions | Your California Rights and Privacy Policy | Cookie Settings
© Aggregage 2025