I first blogged about PhoneSnoop, a component of Bugs, a few days ago. PhoneSnoop demonstrates how a BlackBerry can be used to spy on its owner. It cannot listen in on phone conversations or conduct phone taps on BlackBerry handhelds at the moment. It is, however, possible to add a feature that makes phone taps work. [...]
The mixed bag of reactions to XSS or Cross Site Scripting vulnerabilities is interesting to watch. As a security professional, I’ve audited banking applications based on web technologies and have in all cases come away with at least one XSS vulnerability. When presented to the client and to the vendor, I get some interesting reactions.
“You [...]
The recent report on eWeek regarding how attackers managed to get a foothold in an energy company through a phishing attack is not something new. It is not magical because stuff like this happens elsewhere on a more frequent basis. What makes this so noteworthy is the fact that the company was in control [...]