Musings on Information Security and Data Privacy: September 2008

Here is a picture of my next mid-term project :

Https connections are often used to transfer important data, such as passwords, PINs, or credit card numbers. The browser ensures that the sender can be identified with a valid certificate and that the transferred data are encrypted. An error in the Debian Linux distribution has generated numerous certificates that are child's play to crack. Many servers still use these weak certificates, even though it is impossible to establish a secure connection using them. The heise SSL Guardian checks the SSL certificates and warns you when it detects a weak one.

Download :
http://www.heise-online.co.uk/security/Heise-SSL-Guardian--/features/111039/

IE8 XSS Filter bypass

| 0 comments ]

Together with the server-side stripslash() php function this call slips through the IE8 XSS filters because it strips the slashes server side and such evades IE8 detection when the HTTP request is being sent by IE8:

See: http://www.0x000000.com/?i=634

About Me

Total Pageviews

Blog Archive

Featured Post

A Primer on dealing with the DPA of Luxembourg - the CNPD

Popular Posts

Blogs I read

Links

Labels