Recently, Google Reader homepage has been updated with a small feed reader on 3 feed categories: News, Popular, Sport.
You can access this Google Reader lite directly instead of via iFrame.
Jun 30, 2009
Jun 29, 2009
Forensic on Microsoft Office Document Metadata
This is a post about performing metadata forensics on office documents using some tools: wmd.pl, SSView, BIFFView.
As a forensic practitioner, you shouldn't have miss the Deeply Embedded Metadata at CmdLab.
As a forensic practitioner, you shouldn't have miss the Deeply Embedded Metadata at CmdLab.
Jun 28, 2009
DoS in HTTP
This weekend, I've been spending time checking on a couple of posting about denial of service (DoS). Of course, it is all begin with the recently HTTP DoS (not TCP DoS), Slowloris.
This is an effort in performing DoS attack to vulnerable HTTP servers rather than TCP services. A few common web servers have been identified to be vulnerable to this type of attack including Apache 1.x and 2.x. But our favorite IIS is NOT vulnerable.
Ans don't forget to check out the DoS attack to HTTP using Google Analytics. This is interesting as it is targetting those shared sub-domain sites, such as blogspot.com, and browsers that allow top level domain cookies. The idea here is, if you can set a large enough cookie (8190 bytes), you can DoS someone's client from accessing the web page. The limit for a cookie is 4K, but you can use 2 cookies at Google Analytics as a attack vector. This is serious.
The other posts from WebSecurity are interesting too. It classifies HTTP DoS attacks for both the browser and web application. One very interesting post from WebSecurity is the "Recursive File Include DoS Attack". See the links below.
Check them out if you have time:
This is an effort in performing DoS attack to vulnerable HTTP servers rather than TCP services. A few common web servers have been identified to be vulnerable to this type of attack including Apache 1.x and 2.x. But our favorite IIS is NOT vulnerable.
Ans don't forget to check out the DoS attack to HTTP using Google Analytics. This is interesting as it is targetting those shared sub-domain sites, such as blogspot.com, and browsers that allow top level domain cookies. The idea here is, if you can set a large enough cookie (8190 bytes), you can DoS someone's client from accessing the web page. The limit for a cookie is 4K, but you can use 2 cookies at Google Analytics as a attack vector. This is serious.
The other posts from WebSecurity are interesting too. It classifies HTTP DoS attacks for both the browser and web application. One very interesting post from WebSecurity is the "Recursive File Include DoS Attack". See the links below.
Check them out if you have time:
Jun 26, 2009
DEFCON Tools Page
Now, DEFCON has its tools page up!
This is a repository of the great and innovative tools that have accompanied DEFCON talks over the years. Have fun!
This is a repository of the great and innovative tools that have accompanied DEFCON talks over the years. Have fun!
- https://www.defcon.org/html/links/dc-tools.html
Free Skype-in with Ring2Skype
Tags:
Skype
Ring2Skype is a new free service that allows you to receive phone calls on your Skype from the phone network!
Once you sign up, you will get a phone number and a private extension. All calls to your extension ring at your Skype. That’s it. Simple, Reliable and FREE.
Once you sign up, you will get a phone number and a private extension. All calls to your extension ring at your Skype. That’s it. Simple, Reliable and FREE.
Subscribe to:
Posts (Atom)