Cross-subdomain Cookie Attacks
I did a talk at Toorcon last weekend on exploiting client-side applications' trust in subdomains. Primarily, it formalized and demonstrated a few attacks on cookies, which implement security policies backwards by placing more trust in a subdomain of a trusted domain, rather than less, as the ...
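The scoping rule the summary above is about, as an added example that is not from the talk, the paper, or any of the posts linked on this page: a trimmed-down model, in Node.js, of the RFC 6265 cookie-store rules under which a subdomain may set a cookie for its parent domain. Host names, cookie names and values are constructed for illustration. Beyond the summary's point, it also shows the Cookie-header ordering rule (longer Path first) that lets a subdomain-set cookie of the same name be presented ahead of the parent site's own cookie on a chosen path, and it omits the public-suffix check real browsers apply on top of these rules.

```javascript
// Added example (not from the talk or the linked posts): a trimmed-down model of
// the RFC 6265 cookie-store rules that make a subdomain a peer of its parent.
// Hosts, cookie names and values below are constructed for illustration.
// Omitted: the public-suffix check real browsers add so that Domain=com is refused.

// RFC 6265 section 5.1.3: does `host` domain-match `domain`?
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  return host.endsWith(domain) && host[host.length - domain.length - 1] === '.';
}

// RFC 6265 section 5.1.4: does the request path match the cookie's Path?
function pathMatch(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || reqPath[cookiePath.length] === '/';
}

class CookieStore {
  constructor() {
    this.cookies = []; // {name, value, domain, hostOnly, path, created}
    this.clock = 0;
  }

  // Store a Set-Cookie header received from `host` (RFC 6265 section 5.3, simplified).
  // Returns false when the browser would discard the cookie.
  setCookie(host, header) {
    const [pair, ...attrs] = header.split(';').map(s => s.trim());
    const eq = pair.indexOf('=');
    const name = pair.slice(0, eq).trim();
    const value = pair.slice(eq + 1).trim();
    let domain = host.toLowerCase();
    let hostOnly = true;
    let path = '/';
    for (const attr of attrs) {
      const i = attr.indexOf('=');
      const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
      const val = i < 0 ? '' : attr.slice(i + 1).trim();
      if (key === 'domain' && val) {
        const d = val.replace(/^\./, '').toLowerCase();
        // Step 6: the Domain value must domain-match the host that set it. Nothing
        // requires it to EQUAL that host, so a subdomain may scope a cookie to its parent.
        if (!domainMatch(host, d)) return false;
        domain = d;
        hostOnly = false;
      } else if (key === 'path' && val.startsWith('/')) {
        path = val;
      }
    }
    // Same (name, domain, path) replaces the old cookie; anything else is a new one.
    this.cookies = this.cookies.filter(
      c => !(c.name === name && c.domain === domain && c.path === path));
    this.cookies.push({ name, value, domain, hostOnly, path, created: this.clock++ });
    return true;
  }

  // Build the Cookie header for a request (RFC 6265 section 5.4): longer Path first,
  // then earlier creation time. The server never learns which host set each cookie.
  cookieHeader(host, reqPath) {
    const h = host.toLowerCase();
    return this.cookies
      .filter(c => (c.hostOnly ? h === c.domain : domainMatch(h, c.domain)) &&
                   pathMatch(reqPath, c.path))
      .sort((a, b) => (b.path.length - a.path.length) || (a.created - b.created))
      .map(c => `${c.name}=${c.value}`)
      .join('; ');
  }
}

// Constructed scenario: the main site sets a host-only session cookie, then a page on a
// subdomain the attacker controls plants a same-named cookie scoped to the parent domain.
function demo() {
  const jar = new CookieStore();
  jar.setCookie('www.example.com', 'session=legit; Path=/');
  const accepted = jar.setCookie('evil.example.com',
    'session=attacker; Domain=example.com; Path=/login');
  const rejected = jar.setCookie('evil.example.com', 'session=x; Domain=other.com');
  return {
    accepted,   // true: example.com domain-matches evil.example.com
    rejected,   // false: other.com does not
    loginHeader: jar.cookieHeader('www.example.com', '/login'),
    rootHeader: jar.cookieHeader('www.example.com', '/'),
    siblingHeader: jar.cookieHeader('shop.example.com', '/login/step2'),
  };
}

console.log(demo());
```

On the request to www.example.com/login the header reads `session=attacker; session=legit`; most server frameworks take the first value, so the login handler sees the attacker-chosen session while the rest of the site still sees the legitimate one, and the header carries nothing that would let the server tell which host planted which cookie. The same cookie is also sent to every other subdomain under example.com. Nothing on the client side distinguishes the two, so the remedy has to be on the server: the modern `__Host-` cookie-name prefix, which browsers refuse to store with a Domain attribute at all, is the direct fix for this scoping rule.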
Blog Reactions

Interesting Information Security Bits for 11/03/2009
Infosec Ramblings — ... web. A few days ago I pointed out an article that discussed some issues with the default settings for UAC in Windows 7. This article shows that the criticism in the other article is well earned. Windows 7 vulnerable to 8 out of 10 viruses | Chester Wisniewski’s Blog Tags: ( virus windows-7 ) Interested in cross-subdomain cookie attacks? Check out the paper that mckt wrote. It is based on his presentation at Toorcon recently. Skeptikal.org: Cross-subdomain Cookie Attacks Tags: ( webappsec ...

Friday Summary - November 6, 2009
Security Bloggers Network — ... Trade Agreement and some commentary. Money Mule Move Mo’ Money. Cracking Password in the Cloud. Shimmy … Solo. OK, it’s finance, not security, but to echo Gunnar Peterson’s post, here is a ridiculously good interview with Charlie Munger. The video actually got me to change several long held opinions regarding the current financial crisis in an elegant and disarming way. Cross-subdomain Cookie Attacks. Man Sues Over Leaky Baby Monitor. …and ...

Best of Application Security (Friday, Nov. 6)
Jeremiah Grossman — Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected! Another fine method to exploit SQL Injection and bypass WAF Security and Facebook Platform When Is More Important Than Where in Web Application Security Apple - XSS Attack Cross-subdomain Cookie Attacks PILOT: Production in lieu of testing (AgoraCart FAIL) ...

Network Security Podcast, Episode 173
Network Security Podcast — ... and Twitter. Network Security Podcast, Episode 173, November 10, 2009 Time: 31:45 Google Dashboard lifts curtain on stored data – Yawn. Give us something useful Analyst: PCI Security a Devil, ‘Like No Child Left Behind’ – I want to talk to Josh Corman Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR – Or How much is the password in the window? Cross-domain Cookie attacks – It’s all about trust. And why you ...

Related Content
Browser cookie handling could widen web attack space
scmagazineus.com 25 days ago — Contrary to conventional wisdom, due to the way browsers handle cookies, an attack on a company's subdomain can net an attacker free rein over the principal production domain.
Flash Cookie Forensics
blogs.sans.org 8/29/2009 — Flash cookies have been a hot topic lately with the release of an excellent research paper titled Flash Cookies and Privacy. Flash Cookies, or local Shared Objects in Macromedia parlance, are a great example of a forensic artifact that has existed ...
Newfangled cookie attack steals/poisons website creds
The Register 28 days ago — Google, Facebook risk: A security researcher has discovered a weakness in a core browser protocol that compromises the security of Google, Facebook, and other websites by allowing an attacker to tamper with the cookies they set.…