If you are paranoid about people ARP spoofing or flooding on your network you can use ARPWatch-NG, ARPWatch-NG is a continue of the popular original ARPWatch from ftp://ftp.ee.lbl.gov/. ARPWatch monitors MAC adresses on your network and writes them into a file, last know timestamp and change notification is included. It can be used it to […]
Archives for October 2006
Tracking Users Via the Browser Cache
An interesting new twist on things, rather than using cookies to store information you can use perpetually cached files. So clearing your cache and cookies isn’t enough, could be a privacy issue you say, indeed it could.. Clearing cookies may not be enough as you may think. Your browser’s cache is a valuable store of […]
LAPSE Sourcecode Analysis for JAVA J2EE Web Applications
[ad] LAPSE stands for a Lightweight Analysis for Program Security in Eclipse. LAPSE is designed to help with the task of auditing Java J2EE applications for common types of security vulnerabilities found in Web applications. LAPSE was developed by Benjamin Livshits as part of the Griffin Software Security Project. LAPSE targets the following Web application […]
The Top 5 Causes of Data Loss
[ad] An interesting enough article, but if you work in infosec you could probably guess the topics anyway. In a key step to help businesses better understand and protect themselves against the risks of fraud, Visa USA and the U.S. Chamber of Commerce announced the five leading causes of data breaches and offered immediate, specific […]
Odysseus Proxy for MITM Attacks Testing Security of Web Applications.
Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Odysseus will intercept an HTTP session’s data in either direction and give the user the ability to alter the data before transmission. For example, […]