53 items tagged "book"
Related tags: address, php, hacks, txt, library, book 6, store, sql injection, sql, e book, disclosure, book store, book library, address book, version 6, social, library component, joomla, injection, grade book, grade, gallery, facebook, cookie, component version, book gallery, tiny, scanner, robots, reviews, microsoft, guest book, guest, diy, digital, cameras, vulnerability, winrar password, winrar, william james, web, vcf, using digital camera, time developers, telekenesis, table lamps, system, swarmanoids, steven levy, steve hoefer, stanza, spork, smudges, security, securing web applications, scanners, roundup, remote, realistic scenarios, reading light, reading lamp, reading, pocket space, philip k. dick, philip k dick, personal address book, personal, password, news, multiple, multi, mullti, marvelous, margin notes, lyon, local, library version, library v1, levy, led, kevin mitnickcrypto, justin, joseph conrad, james joyce, jack, irregularity, iphone, interview, information disclosure, hype, husbandry techniques, handling, hackers, hacker history, hacker culture, generation, future, fugitive game, friedrichs, forgery, font, file upload, file, fatal system error, fatal, external ac, entire library, email spoofing, electronic lock, electronic book, electronic, ebook, easy, e reader, drupal, dom, development, denial of service exploit, denial of service, day, daniel, dan, dale dougherty, complementary book, collection, classic, chapter, camera rigs, book id, book hackers, book group, bkd, billy rios, average, arp spoofing, army, arduino, arbitrary code execution, apple safari, apple, animal husbandry, andy crocker, advanced, address book view, adapter, aboutbook, Software, General, Discussion, cross site scripting
5:01 | Hack a Day
An old book – the smell, the texture of the slowly rotting paper, and the smudges and margin notes accrued over decades – is one of the finer points in life taken for granted much too often. We’re bombarded with high precision vector typefaces all day, but [Dan]'s Avería font is beautiful in its irregularity. [Dan] [...]
6:01 | Hack a Day
DIY book safes are well and good, but if you give someone enough time to peruse your book collection, the 3-inch thick “Case study on Animal Husbandry Techniques during the 14th Century” is likely to stand out among your collection of hand-bound “Twilight” fan fiction. In an attempt to teach his friend a bit about [...]
22:59 | Packet Storm Security Headlines
$49.95
If you are a security engineer, a researcher, a hacker or just someone who keeps your ear to the ground when it comes to computer security, chances are you have seen the name Michal Zalewski. He has been responsible for an to many over the years. He recently released a book called "The Tangled Web - A Guide To Securing Modern Web Applications".
Normally, when I read books about securing web applications, I find many parallels where authors will give an initial lay of the land, dictating what technologies they will address, what programming languages they will encompass and a decent amount of detail on vulnerabilities that exist along with some remediation tactics. Such books are invaluable for people in this line of work, but there is a bigger picture that needs to be addressed and it includes quite a bit of secret knowledge rarely divulged in the security community. You hear it in passing conversation over beers with colleagues or discover it through random tests on your own. But rarely are the oddities documented anywhere in a thorough manner.
Before we go any further, let us take a step back in time. Well over a decade ago, the web was still in its infancy and an amusing vulnerability known as the surfaced. It was nothing more than a simple input validation bug that resulted in arbitrary code execution. The average hacker enjoyed this (and many more bugs like it) during this golden age. At the time, developers of web applications had a hard enough time getting their code to work and rarely took security implications into account. Years later, cross site scripting was discovered and there was much debate about whether or not a cross site scripting vulnerability was that important. After all, it was an issue that restricted itself to the web ecosystem and did not give us a shell on the server. Rhetoric on mailing lists mocked such findings and we (Packet Storm) received many emails saying that by archiving these issues we were degrading the quality of the site. But as the web evolved, people started banking online, their credit records were online and before you knew it, people were checking their social network updates on their phone every five minutes. All of a sudden, something as small as a cross site scripting vulnerability mattered greatly.
To make the situation worse, many programs were developed to support web-related technologies. In the corporate world, being first to market or putting out a new feature in a timely fashion trumps security. Backwards compatibility that feeds poor design became a must for any of the larger browser vendors. The "browser wars" began and everyone had different ideas on how to solve different issues. To say web-related technologies brought many levels of complexity to the modern computing experience is a great understatement. Browser-side programming languages, such as JavaScript, became a playground for hackers. Understanding the Document Object Model (DOM) and the implications of poorly coded applications became one of those lunch discussions that could cause you to put your face into your mashed potatoes. Enter "The Tangled Web".
This book puts some very complicated nuances in plain (enough) English. It starts out with Zalewski giving a brief synopsis of the security industry and the web. Breakdowns of the basics are provided and it is written in a way that is inviting for anyone to read. It goes on to cover a wide array of topics inclusive to the operation of browsers, the protocols involved, the various types of documents handled and the languages supported. Armed with this knowledge, the reader is enabled to tackle the next section detailing browser security features. As the author puts it, it covers "everything from the well-known but often misunderstood same-origin policy to the obscure and proprietary zone settings of Internet Explorer". Browsers, it ends up, have a ridiculous amount of odd dynamics for even the simplest acts. The last section wraps things up with upcoming security features and various browser mechanisms to note.
I found it a credit to the diversity of the book that technical discussion could also trail off to give historical notes on poor industry behavior. When it noted DNS hijacking by various providers it reminded me of the very distinct and constantly apparent disconnect between business and knowledge of technology. When noting how non-HTTP servers were being leveraged to commit cross site scripting attacks, Zalewski also made it a point to note how the Internet Explorer releases only have a handful of prohibited ports but all other browsers have dozens that they block. The delicate balance of understanding alongside context is vital when using information from this book and applying it to design.
Every page offers some bit of interesting knowledge that dives deep. It takes the time to note the odd behaviors small mistakes can cause and also points out where flawed security implementations exist. This book touches on the old and the new and many things other security books have overlooked. Another nice addition is that it provides security engineering cheatsheets at the end of each chapter. To be thorough, it explains both the initiatives set out by RFCs while it also documents different paths various browser vendors have taken in tackling tricky security issues. Google's Chrome, Mozilla's Firefox, Microsoft's Internet Explorer, Apple's Safari and Opera are compared and contrasted greatly throughout this book.
In my opinion, the web has become a layer cake over the years. New shiny technologies and add-ons have been thrown into the user experience and with each of them comes a new set of security implications. One-off findings are constantly discovered and documented (and at Packet Storm we try to archive every one of them), but this is the first time I have seen a comprehensive guide that focuses on everything from cross-domain content inclusion to content-sniffing. It is the sort of book that should be required reading for every web developer.
12:01 | Hack a Day
[Daniel] at diybookscanner.org posted a roundup of the best automatic book scanner builds to date. A lot of the comments on our last coverage of book scanners were summed up by [Spork] with, “No automatic page turning = no use.” Turning a page in a book with a robot is really hard, though, and these builds [...]
12:01 | Hack a Day
Imagine that you want a book that is located on a shelf several rooms over, but you do not want to get out of your chair. Short of developing telekinesis on the spot, there’s little you can do other than get up and fetch the book yourself – that is, unless you have an army [...]
10:58 | Hack a Day
Like any learned individual, [Justin] has a whole mess of books. Not being tied to the dead-tree format of bound paper, and with e-readers popping up everywhere, he decided to build a low-cost book scanner so an entire library can be carried in his pocket. If that’s not enough, there’s also a complementary book [...]
12:01 | Hack a Day
[Steve Hoefer] is not a huge fan of traditional table lamps, so he set off to build a reading light of his own that was more aesthetically pleasing than the standard fare. He thought it would be pretty appropriate to construct his reading lamp out of a book, and we’re inclined to agree. He stripped [...]
5:46 | Hack a Day
[Kusnick] is into using digital camera rigs for book scanning. The problem is that keeping the batteries charged is a pain, but there’s no external AC adapter jack which would allow him to use the mains. His solution was to build his own adapter to replace the batteries. There are some fancy book scanning setups [...]
7:37 | Carnal0wnage
Hacking: The Next Generation Book Review
Nitesh Dhanjani, Billy Rios, & Brett Hardin
5 stars
Good Intro to Next Gen Attacks
First Impressions...skinny book. Strike One. Chapter 1 -- "Intelligence Gathering: Peering Through the Windows to Your Organization" spends a lot of time on physical security and social engineering and no mention of Maltego. I'm not sure how anyone can write a book on Intelligence Gathering and NOT include Maltego. Strike Two.
At this point I was thinking I had a dud on my hands BUT Chapter 2 --- "Inside-Out Attacks: The Attacker Is the Insider" redeems. Tons of code and examples to make XSS work in "realistic" scenarios mix the right amount of tech and narrative. My only gripe was that they talked about using XSS shell for XSS exploitation instead of using BEeF which is actively maintained and developed.
All the other chapters (except for Chapter 3) were very good, none of the others are as technical as chapter 2 but I believe they cover the current trends in an entertaining and readable way. Like one reviewer mentioned, the information covered in Chapter 5 -- "Cloud Insecurity: Sharing the Cloud with Your Enemy" was not what I expected. It covered high level "possible" attacks versus any "probable" attacks. With the exception of possibly making insecure VMs and getting people to run them. Chapter 7 -- "Infiltrating the Phishing Underground: Learning from Online Criminals?" was a "chapterfied" version of the authors' talk on the subject. Chapter 4 -- "Blended Threats: When Applications Exploit Each Other" was a good overview of stringing vulnerabilities that would be/were not considered high risk into high risk issues by combining one or more together which actually is "next generation".
Chapter 3, IMO, didn't cover anything new. Mostly a discussion of insecure protocols, arp spoofing, email spoofing. While still a relevant issue in security, not "next generation".
7:27 | Hack a Day
[HP Friedrichs] wrote in to tell us about an upcoming book titled Marvelous Magnetic Machines. Ordinarily, we skip over promotional hype. After watching his promo video though, we couldn’t help but share. We want a copy of this book. In this book you’ll find details on how to build a number of different motors from [...]
7:00 | Hack a Day
[Dale Dougherty] interviews [Steven Levy] about the history of hacking. [Levy]'s book Hackers has been released in a 25th anniversary edition. The interview alone is fascinating and the book is a must read for any hacker. If they offered a course in hacker culture somewhere, we’re positive that this book would be the textbook. The 25th anniversary [...]
12:04 | Wirevolution
On a recent extended trip to England, I discovered Stanza, an e-reader application for the iPhone. Not only did it demonstrate for me that the iPad will obsolete the Kindle, but that the iPhone can do a pretty good job of it already.
Surprisingly, the iPhone surpasses a threshold of usability that makes it more of a pleasure than a pain to use as an e-reader. This is due to the beautiful design and execution of Stanza. The obvious handicap of the iPhone as an e-reader is the small screen size, but Stanza does a great job of getting around this. It turns out that reading on the iPhone is quite doable, and better than a real book in several ways:
- It is an entire library in your pocket – you can have dozens of books in your iPhone, and since you have your iPhone with you in any case, they don’t take any pocket space at all.
- You can read it in low-light conditions without any additional light source.
- You can read it even when you are without your spectacles, since you can easily resize the text as big as you like.
- It doesn’t cost anything. If you enjoy fiction, there is really no need to buy a book again, since there are tens of thousands of good books in the public domain downloadable free from sites like Gutenberg.org and feedbooks.com. Almost all the best books ever written are on these sites, including all the Harvard Classics and numerous more recent works by great authors like William James, James Joyce, Joseph Conrad and Philip K. Dick.
- You can search the text in a book and instantly find the reference you are looking for.
- It has a built-in dictionary, so any word you don’t know you can look up instantly.
- It keeps your place – every time you open the app it takes you to the page you were reading.
- You can make annotations. This isn’t really better than a paper book, since you can easily write marginal notes in one of those, but with Stanza you don’t have to hunt around for a pencil in order to make a note.
- You don’t have to go to a bookstore or library to get a book. This is a mixed benefit, since it is always so enjoyable to hang out in bookstores and libraries, but when you suddenly get a hankering to take another look at a book you read a long time ago, you can just download it immediately.
All these benefits will apply equally to the iPad and the others in the 2010 crop of tablet PCs, which will also have the benefit of larger screens. But Stanza on the iPhone has shown me that good user interface design can compensate for major form factor handicaps.
3:35 | remote-exploit & backtrack
Hi,
I have a book in winrar format which is protected with a password. It takes a very great deal of time when the standard software for removing the password is used, you know. Do you know if there exists another way that is faster and more reliable for removing the password?
Thank you in advance.