Ars Aranea » Security

Hacking and the real world

Skippy — Thu, 13 Mar 2008 12:06:26 +0000

I was reading an article by Adrian Spinei and, not for the first time, it made me think about how our society likes to consider computer hacking similar to physical aggression, invasion of personal space or privacy violations.

It wouldn’t be so bad if just the uninformed masses had the wrong idea. But it doesn’t seem [...]

Code injection on the Web

Skippy — Fri, 30 Jun 2006 09:38:00 +0000

This article presents an overview of code injection on the Web, in general, and describes some types of code injection, in particular. The point of view is that of a PHP programmer, for obvious reasons: PHP is a loose-typed language and has features that can be easily misused by novices.

Social engineering comes to the Mac

Skippy — Fri, 17 Feb 2006 12:41:06 +0000

So apparently there's been some ruckus these days regarding what has been dubbed "the first trojan for Mac OS X". I fully expect that by now there are at least some articles and a few thousand comments all over the Web saying: "See? It wasn't so secure after all!" Except that this isn't a security problem in the classical sense; it's a social engineering attack.

The Code Book, by Simon Singh

Skippy — Mon, 02 Jan 2006 00:56:40 +0000

"The secret history of codes and code-breaking" is an excellent overview and introduction to cryptography. A must read even if you don't plan on becoming a specialist.

Trojan exploits severe Explorer security flaw

Skippy — Thu, 01 Dec 2005 15:32:03 +0000

As probably expected, there's now a trojan in the wild which exploits a 6-month old, yet unpatched, vulnerability in Internet Explorer, allowing remote code execution.

Explorer bug crawls up on Firefox

Skippy — Tue, 29 Nov 2005 11:50:25 +0000

A very specific JavaScript security vulnerability, which was supposed to achieve remote code execution on Explorer, manages to freeze Firefox as well. Kudos to inter-racial bugs.

Google Base brings you teh pr0n. Not!

Skippy — Fri, 25 Nov 2005 09:52:40 +0000

Due to, apparently, the same XSS issue that troubled Gmail a few days ago, Google Base has been invaded by smut, pr0n, xxx, dirty stuff, in a word, sex. And what do they do?