Last updated: 31/12/2006; 15:11:12
Quands.cat

Notes on computer security.

Friday, 22 / December / 2006


better !pout !cry
better watchout
lpr why
santa claus < north pole > town
  
cat /etc/passwd > list
ncheck list 
ncheck list
cat list | grep naughty > nogiftlist
cat list | grep nice > giftlist
santa claus < north pole > town
  
who | grep sleeping
who | grep awake
who | grep bad || good
for (goodness sake) {
    be good
}
  
better !pout !cry
better watchout
lpr why
santa claus < north pole > town
 


15:47 (# Permanent link)


[Security Reference Guide] How Not To Use Cookies
While cookies can help web developers offer services and features that would otherwise require extensive programming, there are significant security risks that must be understood before cookies are ever used on a website.

First, cookies are stored as plaintext on the user's computer. This means anyone can read them at any time from the local machine. This includes a nosy family member, but also the user of the website. In other words, web developers can never assume that a cookie is a safe place to store sensitive data.

Second, cookies are sent as plaintext unless the session is encrypted. As a result, anyone with a sniffer can capture a cookie's contents and use them as their own. In other words, if a person logs into a web application at an unprotected wireless hotspot, an attacker can grab the session value and insert it into their own cookie, thus hijacking the session from the valid user.

Third, and possibly the most significant, cookies can be stolen via cross-site scripting exploits on a vulnerable web application. For example, numerous blogging sites have been found to have persistent XSS vulnerabilities over the last few years. If a malicious hacker wants to steal a user's session id cookie, they can easily do so by injecting a simple "document.cookie" request into a blog post. This type of attack can be used to steal hundreds of session values, all of which the attacker can use to collect sensitive information or create chaos by posting fake content under a stolen account.
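The three risks above map onto cookie attributes a server can set: Secure keeps the cookie off plaintext connections, HttpOnly hides it from document.cookie, and leaving out Expires/Max-Age keeps it from being written to disk as a persistent cookie. The following audit is an added example, not code from the original post or from the Security Reference Guide; the cookie names, values and headers it checks are constructed for the example.

```javascript
// Added example, not from the original post or the Security Reference Guide:
// audit Set-Cookie headers for the attributes that address the three risks
// above. All names, values and headers below are constructed for the example.

function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf('=');
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  const value = eq === -1 ? '' : parts[0].slice(eq + 1);
  const attrs = {};
  for (const part of parts.slice(1)) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name, value, attrs };
}

// Returns the findings for one header; an empty list means it passes.
function auditSetCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  // Risk 2: without Secure the cookie travels in plaintext and can be sniffed.
  if (!attrs.secure) findings.push('missing Secure');
  // Risk 3: without HttpOnly an injected script reads it via document.cookie.
  if (!attrs.httponly) findings.push('missing HttpOnly');
  // Risk 1: Expires/Max-Age leaves the cookie on disk as plaintext.
  if (attrs.expires !== undefined || attrs['max-age'] !== undefined) {
    findings.push('persistent (Expires/Max-Age set)');
  }
  return { name, findings };
}

// Audits several headers and keeps only those with findings.
function auditAll(headers) {
  return headers.map(auditSetCookie).filter((r) => r.findings.length > 0);
}

// Session cookie as the guidance implies: opaque id only, Secure + HttpOnly.
function buildSessionCookie(name, sessionId) {
  return `${name}=${sessionId}; Path=/; Secure; HttpOnly`;
}

// Constructed sample headers: two weak ones and one set by buildSessionCookie.
const SAMPLE_HEADERS = [
  'sessionid=abc123; Path=/',
  'user=alice; Expires=Wed, 01 Jan 2036 00:00:00 GMT; Path=/',
  buildSessionCookie('sessionid', 'abc123'),
];
```

Running auditAll(SAMPLE_HEADERS) reports only the first two headers; the one built by buildSessionCookie passes all three checks.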
 


00:04 (# Permanent link)


© Copyright 2000-2006 Xavier Caballe. Unless expressly stated otherwise, the material published on this weblog is distributed under the Creative Commons licence. The content is the sole responsibility of its author and bears no relation to his professional activities.