Do you type passwords into web pages? Let me introduce you to your worst nightmare: sslstrip. The author of this program realized that most people don’t type in the https prefix, and don’t look closely for padlock icons. sslstrip takes advantage of this, and transparently hijacks HTTP traffic, replacing all HTTPS links and redirects with look-alikes. Read the full article to understand how this tool takes advantage of a design flaw in the World Wide Web.

A recent security incident involving embedded executables in GIF images reminded me of the art of steganography. This is the science of hiding secret messages, often in plain sight or in a way that only intended recipients even know a message exists. Such techniques could be as simple as writing a message using disappearing ink, or as complex as deliberately inducing errors in quantum data to encode private data (I love quantum steganography; it’s so bad [pdf]). Here, I will describe one of many ways to hide a simple text file inside a JPEG image. All you need is access to the command line and a RAR or ZIP file archiving program such as WinZip or WinRAR.[…]

Google has recently allowed users to see why it may flag a site as “suspicious.” The service will show any information Google has about potentially harmful websites, including sites that have been compromised and sites that host malicious programs or malware. This is good in two ways: first, users can take advantage of this service whenever they question a site’s legitimacy; and second, website administrators may be alerted if their site gets compromised without their knowledge and starts serving up harmful content. Of course, this assumes the compromise results in something that catches the attention of the Google application. Although this is FAR from a 100% reliable test to determine if a website is safe to visit, it does provide[…]

Just stumbled upon some JavaScript code for determining what social networking sites you visit. What are you to do if you want readers to promote your content? … You have to decide on which bookmarking site, if any, to dedicate your precious screen real-estate. It’s a hard choice. If you choose poorly your reader won’t vote—it’s not a single click coupled and out-of-sight means out-of-mind—and your content loses its chance to make it big. You have to choose your horse wisely. If you could detect which social bookmarking sites your reader uses, on a per-reader basis, you could display only the badges they care about. But you can’t know that because the browser secures the user’s history, right? Wrong. Let’s[…]

I’m sure many people have already seen that data was recovered from a Columbia (shuttle) hard drive. Yes, this was the shuttle that blew up on reentry back in 2003. Needless to say, the drive would be expected to be quite physically destroyed. There was some quite important research data on the drive, and the drive was sent to OnTrack Data Recovery Services for an attempt at recovery. Well, they were able to recover 99% of the data from the drive. Now, admittedly, the details on the actual data recovery were slim. How well was it protected inside the shuttle’s hull? What kind of temperatures was it exposed to? What kind of impact did it have? How much did[…]

I thought this was interesting: The pathogen disguises itself as waste material and tricks cells into digesting it, just as they normally would with the remains of dead cells. As the immune response is simultaneously suppressed, the virus can be ingested as waste without being noticed. … As soon as they impinge upon the cell membrane, an evagination forms, a bleb. The virus itself is the trigger for the formation of the evagination. Using a messenger substance to “knock on the door”, the virus triggers a signaling chain reaction inside the cell so that the bleb forms, catches the virus and smuggles it into the cell. Apparently, the vaccinia virus is able to disguise itself as cellular waste which other[…]