Tim on August 10th, 2008

Popularity has its drawbacks. As the iPhone and the Mac gain in popularity, hackers are starting to take notice. Part of the reason for increased popularity of Macintosh computers is that Apple has made the machines friendlier to running programs popular on Windows-based machines. Hackers experienced with attacking Windows programs can apply some of their [...]

Continue reading about Security through obscurity?

Tim on August 6th, 2008

There have been a couple of interesting stories online today concerning security. A Russian group is accused of hijacking more than 100,000 computers for gathering personal data, and the TJX hackers have finally been charged as well. The ID theft ring stole more than 40 million credit and debit card numbers, said Michael Sullivan, U.S. attorney for [...]

Continue reading about Busted

Tim on June 29th, 2008

After being hacked (I think I was vulnerable because I hadn’t updated WordPress), I was forced to do a little cleanup around ScarTech.net. Part of the cleanup and upgrades include a nice new theme. I’ll detail the hack in a later post.

Continue reading about A New Theme!

In the next installment of my security series, I’ll tackle SQL injection. In the true code reuse fashion, I’ll provide a couple links that do a great job of explaining some misconceptions about SQL injection and how to protect your application. First here’s a link to a post on Glen Gordon’s blog about injection: http://blogs.msdn.com/glengordon/archive/2008/04/15/some-sql-injection-attack-misperceptions-and-reality.aspx. [...]

Continue reading about Getting Serious About Security – Part 3 – SQL Injection

Cross site scripting can be a tough vulnerability to eliminate, but it doesn’t necessarily have to be. If you’re working on an ASP.NET project, the Microsoft Anti-XSS library is easy to use and freely available. Like a lot of developers, I’ve rolled my own anti-XSS by escaping specific characters, but it’s usually clunky and let’s [...]

Continue reading about Getting Serious About Security – Part 2 – XSS

Tim on January 29th, 2008

At work we’ve started a pretty aggressive re-write of our web applications. We’re moving them all to a set of common style sheets, graphics and master pages, as well as putting both our web server and SVN repository into a logical structure. What started as just a few ASP.NET applications has grown to a jumbled mix [...]

Continue reading about Getting Serious About Security – Part 1

Tim on December 11th, 2007

If you consider yourself even a little bit of a geek, you would never trust your home wireless network to WEP encryption simply because it can be cracked in a matter of minutes. I insist on better protection for my iTunes share on my local network. Would you trust it to protect your customers’ personal and [...]

Continue reading about Charge it!

Tim on November 17th, 2007

Picture the following scene. It’s a dark, smoky room. Gathered around a table are the godfathers of several powerful crime families. They’ve huddled together to discuss their next big move. It sounds like yet another gangster movie, but it looks like something similar has happened in the world of online criminals. According to this news story, it looks [...]

Continue reading about The Case of the Missing Crime Syndicate

Tim on October 28th, 2007

Like most good developers, I always take precautions to prevent SQL injection. We’ve also got to worry about cross-site scripting, but now cross-build injection is becoming a concern. Apparently an attacker compromises a server that houses a build component or the DNS server used to find that server. The attacker can then take control of the build machine [...]

Continue reading about Cross-Build Injection