sql

Sorry for the late post folks. Been a busy, busy day. Below you find a post by RSnake begging for discussion, EFF pushing for modification to DMCA, a method to secure BGP, how we communicate to our users is important, the final part of an risk assessment using FAIR, SQL firewalls, and the fact that BeanSec is next week. Have a great weekend.

  1. Crime and Punishment ha.ckers.org web application security lab
    Tags: ( general opinion )
  2. This would benefit everybody.
    EFF pushes for legal handset jail-breaks - vnunet.com
    Tags: ( cellphone drm )
  3. This will be a definite improvement. There have been several cases of BGP errors causing significant problems in the year or so.
    U.S. plots major upgrade to Internet router security - Network World
    Tags: ( bgp bgpsec )
  4. David reminds us that how a message is delivered just as important as why the message is delivered.
    The Power of Positive Rethinking : The Security Catalyst
    Tags: ( communication )
  5. Part 4 of Chris's latest FAIR assessment is posted.
    Risk Scenario - Hidden Field / Sensitive Information (Part 4 of 4) << Risktical Ramblings
    Tags: ( risk assessment fair )
  6. It was only a matter of time before we started seeing SQL firewalls. Not saying it's a bad thing.
    /dev/random >> Blog Archive >> Databases Protection with GreenSQL
    Tags: ( firewall sql )
  7. Beansec next week.
    Rational Survivability: BeanSec! Wednesday, January 21st, 2009 - 6PM to ?
    Tags: ( beansec meetings )
  8. Yes, indeed. I and others have said it more than once, compliance does not equal security.
    Network Security Blog >> "Security first" please!
    Tags: ( security pci )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Reblog this post [with Zemanta]

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Lavasoft has jumped into the anti-virus market. We'll have to keep an eye on this one.
    Ad-Aware gets an antivirus cousin | The Download Blog - Download.com
    Tags: ( free anti-virus )
  2. Some interesting situation that lead to a need for data recovery. Hat tip to Xavier at /dev/random (blog.rotshell.be)
    Kroll Ontrack Top Ten Data Mishaps and Recoveries - Press Release
    Tags: ( amusing general )
  3. The workarounds section for the recent 0-day for IE has been updated. This blog post goes into some further detail about the workarounds.
    Security Vulnerability Research & Defense : Clarification on the various workarounds from the recent IE advisory
    Tags: ( exploit vulnerability microsoft ie workarounds )
  4. Part 2 of SynJunky's fictional story about detection of and incident response to an insider attack.
    Syn: The Story of an Insider - Part 2. The Sys Admins Story
    Tags: ( insider )
  5. This is a nifty way to get the job done.
    Writing a web services fuzzer in 5 minutes to SQL injection | tssci security
    Tags: ( webappsec injection sql )
  6. Woot! Version 1.2 of Burp Suite has been released.
    PortSwigger.net - web application security: Burp Suite v1.2 released
    Tags: ( webappsec burp )
  7. Just go read it. You won't regret it.
    Rational Survivability: GigaOm's Alistair Croll on Cloud Security: The Sky Is Falling!...and So Is My Tolerance For Absurdity
    Tags: ( cloud )
  8. Rory is writing a series of posts on penetration testing. The first is up.
    Rory.Blog: What is Penetration Testing?
    Tags: ( pentest )
  9. Here is a very cool idea for a low/no cost way to implement DLP.
    /dev/random >> Blog Archive >> Simple DLP with Ngrep
    Tags: ( dlp ngrep )
  10. Looks like nifty tool to add to the arsenal.
    Jeremy's Computer Security Blog: JPEG Fuzzer has ARRIVED
    Tags: ( fuzzer jpeg )
  11. Watch out folks, SkyNet is just around the corner.
    Schneier on Security: Killing Robot Being Tested by Lockheed Martin
    Tags: ( skynet )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Firefox, SQLite and DOM, oh my…

by kriggins on June 25, 2008

in General

I want to preface the following withLions, Tigers and Bears, oh my.

  1. I am probably late to the party and everybody already know all about this and
  2. There probably isn't any issue here.  Just got me to thinking.

I was reading the Firefox's Super Cookies post on the CERIAS Blog and it made me go hmmm. You should go read Pascal's post first because it is an interesting bit o' info, but here are the bits that are germane to my thoughts.

First:

DOM storage allows web sites to store all kinds of information in a persistent manner on your computer, much like cookies but with a greater capacity and efficiency.

Then:

To find out what information web sites store on your computer using DOM storage (if any)

and:

You should find a file named “webappsstore.sqlite”. To view the contents in human readable form, install sqlite3

So, this makes me think there is a sql interface somewhere in Firefox.  In light of all the SQL injections issues recently, I just have to wonder what kind of fun might exist here.

Kevin

Photo by annarchy1

{ 0 comments }