Recent
Blog updates
Just to let everyone know that we are now running the latest version of WordPress, finally! If you haven’t noticed already, there’s a ‘Security Jobs’ RSS feed which grabs RSS feeds off a number of job sites; the link can be found in the sidebar above the Google ads.
I’ve fixed the footer as it was out of line and also made the pagination a little bit nicer. However, during the process of updating the site I seem to have messed up the ‘pages’, the ones in the green bar at the top. Haven’t a clue what’s gone wrong; spent the past few hours staring at CSS, PHP and HTML and still cannot figure out what I have done!!! I’m going to leave it for now and come back to it another day.
Some exciting news…
Some other lads from university and I have started a project called ‘ScreenStamp!’ I will be posting about it shortly.
Using a web bug for information gathering
Abstract:
Anyone can post an image anywhere that allows the posting of remote images, grab the HTTP header information of anyone who views the image and save it to a log file on a remote server. This has been done for a while by the advertising industry to track users’ activities. It can also be used by mail clients to check that an email has been read by the recipient. It is known as a ‘web bug’.
How it’s done:
1. You need a PHP script that will capture the HTTP headers of the GET request, echo an image and set the Content-Type header to image/jpeg.
2. A directory called /image.jpg/ holding that script, so a request for /image.jpg/ is served by it.
3. An .htaccess file to automatically load index files within directories.
4. Somewhere you can post the <img> HTML tag.
Exploit:
Post the following code into any forum, blog, guestbook, website that accepts images from remote servers.
<img>http://www.mysite.com/image.jpg</img>
OR
<img src="http://www.mysite.com/image.jpg">
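From the defender’s side, the same two <img> forms shown above are what a forum or blog should be looking for in user-submitted content. The following is an added example, not the author’s code: a small Python check that parses a constructed sample post and reports every image reference pointing at a host other than our own (the first-party host ‘forum.example’ is an assumption for this example), so remote images can be proxied, stripped or reviewed before they are shown to other readers.

```python
"""Flag remote image references (possible web bugs) in user-submitted HTML."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample post embedding both <img> forms shown in the write-up,
# plus a first-party image that should not be flagged.
SAMPLE_POST = """
<p>Check this out</p>
<img src="http://www.mysite.com/image.jpg">
<img src="/uploads/local.png">
<img>http://www.mysite.com/image.jpg</img>
"""

# Assumed allowlist of first-party hosts (constructed for this example).
LOCAL_HOSTS = {"forum.example"}


class ImgCollector(HTMLParser):
    """Collect <img> src attributes and bare URL text inside <img>...</img>."""
    def __init__(self):
        super().__init__()
        self.srcs = []
        self._in_img = False

    def handle_starttag(self, tag, attrs):
        self._in_img = tag == "img"
        if self._in_img:
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src.strip())

    def handle_endtag(self, tag):
        self._in_img = False

    def handle_data(self, data):
        # The write-up's first form places the URL as text between <img> tags.
        text = data.strip()
        if self._in_img and text.startswith(("http://", "https://")):
            self.srcs.append(text)


def find_remote_images(html, local_hosts=LOCAL_HOSTS):
    """Return image URLs that point at hosts other than our own."""
    parser = ImgCollector()
    parser.feed(html)
    remote = []
    for src in parser.srcs:
        host = urlparse(src).hostname
        if host and host.lower() not in local_hosts:
            remote.append(src)
    return remote
```

Relative paths such as /uploads/local.png have no host and are left alone; everything returned is a candidate for blocking or for fetching through a server-side image proxy so the viewer’s headers never reach the remote host.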
How it works:
General update
Just to let everyone know that I’m still alive. Haven’t posted in nearly a month! Been busy with university and also had a couple of jobs on the side.
Damn Vulnerable Web App got a mention on irongeek.com this month! Thanks irongeek!
Deliberately Insecure Web Applications For Learning Web App Security
I will be posting about my views regarding BBC Click Online hacking into botnets, using them to carry out tests and then changing the computers’ wallpapers to make the users aware that they were zombies. Is that legal? I will be posting about this over the next few days.
Meanwhile, check out the video: BBC team exposes cyber crime risk