Look too much into the Sun (Tzu) and you will be blinded
You can’t go to a security conference nowadays and not hear at least 700 references to Sun Tzu and his writing, The Art of War, and how important and relevant that book is to the world of Information Security. But let’s not limit our focus to the InfoSec guys. Life coaches (whatever they are) are abusing…
Category: Attack vectors
http vs https performance
A while ago I had a huge argument with a development team regarding the use of HTTPS. Their major concern was that the impact on performance would be so big that their servers wouldn’t be able to handle the load. Their approach was to use HTTPS just for the login sequence and plain text communication…
Security concerns regarding cloned Facebook accounts
What is Facebook account cloning? A form of identity theft in which a malicious attacker impersonates a legitimate user. This is done by creating a copy of the original account. An attacker would most likely: create an account under the same name as the victim using a public email address (Gmail, Yahoo, etc.); copy all…
Does it pay to be a BlackHat hacker?
Dan VASILE @DefCamp Bucharest 2013
Techniques to play with custom and encrypted protocols
An interesting presentation from DEFCON20 provided by Elie Bursztein and Patrick Samy called “Fuzzing Online Games” touches areas of application security where traffic analysis is not enough to perform a penetration test. As stated by the authors: “In a nutshell the lack of direct access to the game server and having to deal with clients…
Attacking the lottery
This is purely a theoretical attack on a lottery system. No magic combinations or generators, no syndicates or reading the stars, just a plain attack on the system. First of all, there are some prerequisites. One will need an insider or more in order to carry out the attack, but this should not be a…