Bypass iPhones screen lock (iOS 4.1)
Nov 02A recent security flaw in Apple’s iOS allows access to the device while the phone is “locked”.
iOS is used in the iPhone 4, 3G and 3GS models so the attack has a high possible reach.
With a few key presses you can make calls, listen to voicemail, browse the call history and address book!
This short article details how the attack works.
Jailbreak my bank account!
Dec 08While the Mac OS may be almost impervious to trojans and virii, the iPhone isn’t.
In recent weeks there have been three different trojans aimed at taking control of jail broken iPhones and one of these trojans tries to steal any banking data stored on the phone! As more and more banks release iPhone apps to make banking on the move easier, the possible attack vector for the...
AV Arcade BugFix – XSS Exploit
Jan 06The Problem:
EDITED::…
This was originally reported as link spam, but could easily be a lot worse.
When registering, the user name field is open to possible attack.
Code will be processed on the members page.
The code can be overflown to the homepage fairly easily.
XSS can be used.
I would now consider this as a serious...
XSS and web form security
Nov 13There are many instances when user input is needed. But allowing just any code to be passed can cause severe problems and lead to even the most annoying 10 year old script kiddie writing “PWND” all over website!
There a are some simple steps which you can take to prevent most of these.
This article will go over some of the fundamental
SockStress – TCP/IP Vulnerability
Oct 09A serious TCP/IP Vulnerability known as “SockStress” has been found, exploited, and information released by a Security group called Outpost24.
This latest vulnerability not only has severe implications for many web masters, designers and programmers, but also affects routing servers and any system with TCP stack processes exposed to the outside world.
After...
Securing Your Most Personnel Files
Oct 03We are all aware of the threats faced while online or connected to the internet.
But think about the security problems that could arise if your laptop, flash drive or cds were stolen!
Physical theft is often overlooked when thinking about the security of your personnel details.
As security online increases and encourages secure passwords, they also get harder to remember.
Flash Game Hacked?
Sep 10A friend of mine just sent me the URL to a flash game (for obvious reasons I will not share the link) which is part of a number of games with a price of 10.000 EUR in the end. One would believe that a game with such a price money is secure. Especially when the organising party is an internet provider.
But guess what… At the end of the flash game you can...
Javascript Security Tutorial
Sep 04JavaScript is designed as an open scripting language. It is not intended to replace proper security measures, and should never be used in place of proper encryption.
JavaScript has its own security model, but this is not designed to protect the Web site owner or the data passed between the browser and the server. The security model is designed to protect the user from malicious Web...
Blocking Proxies Tutorial
Sep 04Since a lot of people proxy DDoS, it’s useful to protect your site against it.
You have three options if you have total control over the server…
- Detect proxies and block them on firewall/mod_security level
- (1) Detect them via PHP and block them via .htaccess
- (2) Detect and block them via .htaccess (new method...
Password Security Tips
Sep 04A simple list of Dos and Donts to consider when creating new accounts or updating passwords for current accounts you have.
It may sound simple, but mistakes can often be made when in a rush or creating multiple accounts.
This post contains common good practice. Why not get into the habit of creating good passwords, before bad habits set it?