AIR is an interesting technology merging the web and desktop based applications on the flash platform. Lucas Adamski from Adobe has published a very good article describing the platform and security concerns I'd advise checking out. While it remains to be seen if AIR is going to be the next big thing,...
"Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) challenge-response systems, which are used to prevent accounts being created until a user correctly identifies letters in an image, are designed to ensure requests are made by a human rather than an automated program. The technique has been used to...
Someone posed the question in a pen-test thread titled 'Malicious file upload in .JPG or GIF format' of how to pen test logins forms. While this isn't a new subject people are still asking the question and this is a decent thread to learn about the subject. Thread Link: http://archives.neohapsis.com/archives/sf/pentest/2008-02/thread.html#102
"Mendacious machines controlled by hackers that reroute Internet traffic from infected computers to fraudulent Web sites are increasingly being used to launch attacks, according to a paper published this week by researchers with the Georgia Institute of Technology and Google Inc. The paper estimates roughly 68,000 servers on the Internet are returning...
"Mozilla chief evangelist Mike Shaver says the latest Firefox information leakage bug warning is exaggerated. Published reports of an information leakage vulnerability affecting fully patched versions of the open-source Firefox browser have been greatly exaggerated, according to Mozilla chief evangelist Mike Shaver. Shaver's sharp retort follows the release of an advisory by...
