8 posts • joined 24 Oct 2007
makes me think of...
Web App Sec 101
1. Go to the OWASP site, have a bit of a read.
2. Check out the most recent (stable) version of the OWASP top 10 web app sec flaws:
3. Oh look, XSS is number 1. Ahead of SQL inection.
As already stated...
...FPGAs for key cracking is old news. For example:
Just cos someone ripped 'em from a plasma doesent make this news. Then again, I do like to hear about FPGAs... gotta love 'em.
Yeah sorry - Apple thats who I meant (confused? me? ahem).
My point is MS have put a decent amount of investment into security recently, but its hard to change perceptions overnight. It must be galling for them to watch other vendors such as Apple (no offence, like) apply minimal attention to security, while MS are still percieved as being insecure.
A good point for FUD pushers: once you have a crappy reputation, it can be hard to shake.
@ Morely Dotes
yes: its all about the benjamins at the end of the day (i.e. profit is the main driver for vendors), no surprise there - bill likes green.
but trust me, in 5 years time Mac will have the poor security rep MS has now, because MS put more time and money into security than they do.
Yeah, that would be a bit cheeky.
But here's another scenario - a pen tester by the name of raven worked for years as an ISP engineer. She got sick of the general lack of security and the kicks to the head she got when the risks she was warning management about crystallised into issues and impacted the operation.
So, she went into pen testing, where she did an excellent job of revealing the poor levels of security observed by ISPs.
Not saying that's happened here - I happen to believe MS to be much more security conscious than many vendors. A LOT more. There are probably a lot more shades of grey here...
using this may be illegal
i love cDc to bits and the world would be a much poorer place without them. its also great to see them back in the news!
i belive this is a good tool in that it gives anyone who manages a website a chance to see if their ass is hanging out - that cant be a bad thing.
however, regardless of what you think of cDc, using this tool in the uk on a domain you are not responsible for may be illegal.
there's a very good, brief article here :
Security; A Lemon's Market?
If buyers don't have enough information to determine the performance of products, then sub-standard products (lemons) will dominate the market and the producers of such rubbish will drive genuinely fastidious developers out of business.
This is where standards, CLEFs, and other rather dull (but eminently necessary) aspects should pick up...
But most of all, we all, as buyers, create the markets we deserve - if we all made more effort to avoid buying sh*te, i.e. actively avoiding products marketed using those Fear Uncertainty Doubt techniques, we might see less of a lemon's market.