Oh look! Another data-leak, this was was pretty bad as it contained plain-text passwords (who on earth doesn’t hash their passwords in the DB in 2011?!). Anyway this time it was a Groupon subsidary – Sosata.com which managed to leak the e-mail addresses and plain-text passwords for 300,000 users AND on top of that, Google […]
data-security
Website Auto-complete Leaks Data Even Over Encrypted Link
I’m always fascinated by side-channel attacks where the attack is focused on the underlying architecture of the cryptosystem and the data echos it creates rather than the algorithm or implementation itself. Similar somewhat to the recent breaking of OpenSSL using power fluctuations. This time some researcher type fellas focused on the digital noise autocomplete webforms […]
GreenSQL – Open Source Database Firewall Software
[ad] GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy for SQL commands and has built in support for MySQL & PostgreSQL . The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative […]
Microsoft SQL Server Fingerprint Tool – BETA4
[ad] This is a tool that performs version fingerprinting on Microsoft SQL Server 2000, 2005 and 2008, using well known techniques based on several public tools that identifies the SQL Version. The strength of this tool is that it uses probabilistic algorithm to identify the version of the Microsoft SQL Server. The “Microsoft SQL Server […]
Facebook Pushes Out New Privacy Settings
[ad] There have been plenty of stories about Facebook in the past and the latest is about their new privacy system. From what I understand they have abandoned the previous concept of “Networks” and now everyone is open to everyone else. The network system was initially relevant when the site was targeted at only US […]