As most security folks know, there are numerous ways to infect computers via infected image files that contain binary viruses which are read or invoked by different image readers or the libraries that render them. From my perspective, looking into web application security, I had an idea. Many websites and applications nowadays look into the picture's EXIF […]
Yesterday, I presented in Imperva's monthly webinar (my employer and source of joy) the results of a trend analysis that I recently completed, which includes the research results in detail. We explored the trends of CMS adoption in the market, a threat analysis of hacker trends with 3rd-party code/software and CMSs specifically, and […]
A few days ago, KrebsOnSecurity published a very well-written article discussing a new 0-day Java vulnerability and its effect on the Bit9 hack. Now let's be honest: Java vulnerabilities are the hottest thing in security news right now. If a week goes by without a new 0-day, someone is slipping or sleeping. I […]
This morning, an outline article defining AppDoS that I wrote was published on Imperva's blog; have a read, would you? Link here. The article explores the differences between classic Denial of Service and Application-Oriented Denial of Service in a simplified manner.
The one thing that kept me thinking on a flight the other day was the latest news about LinkedIn's 6.5 million password breach, and the follow-up lawsuit against it for violating its own privacy user agreement ensuring the security of one's identity. And not specifically the story itself, but some of the aftermath that came […]
For the past couple of weeks, I have been away visiting family in a country far, far away, with an excellent internet connection and boring midnight hours, when I decided to play some games to help myself go to sleep. Now, since this was quite an interest for me, I started looking in different sources […]
It was great to see how much attention the HULK tool got over a short period of time; it was even considered malware by some folks who didn't read the fine print of the "educational experiment" labeling. I got tons of questions and improvement suggestions, while some missed the main idea behind this. It's not meant to avoid a […]
Introducing HULK (HTTP Unbearable Load King). In my line of work, I get to see tons of different nifty hacking tools and traffic-generation tools that are meant to either break and steal information off a system, or exhaust its resource pool, rendering the service dead and putting the system under a denial of service. […]