
 CODE SECURITY


  Why should we drop or reduce use of MD5?

MD5 is a frequently used one-way hash algorithm. It is commonly used in the following situations: Check data integrity. We take the hash of the data stored in two different places and compare them. If the hash results are the same, then there is no need to check the actual data. This utilizes the collision-resistant feature: two different data blocks have little chance of producing the same hash value. Many data service providers use this technique to detect repeated data and avoid repeated uploads. Also, it is frequently used in transferring files to ensure the file is not modified during ...

3,578 0       ATTACK VULNERABILITY MD5


  The Best Hackers In The World All Come From One Country

Facebook, Zynga, and other hot companies use Interview Street to recruit programmers. Interview Street posts programming challenges and invites contenders to solve as many as they can. According to their message board, nine of Interview Street's top ten hackers are all from China. One is from an unknown country. A hacker called ralekseenkov, who is ranked number 11, is from the United States. What does that say about the talent crunch here? Read more: http://www.businessinsider.com/hackers-the-best-all-come-from-one-country-2012-4#ixzz1rkl1LN9B...

6,150 3       MICROSOFT HACKER CHINA COUNTRY


  SQL Injection through HTTP Headers

During vulnerability assessment or penetration testing, identifying the input vectors of the target application is an essential first step. Sometimes, when testing Web applications, the verification routines for discovering SQL injection flaws are restricted to the GET and POST variables as the only input vectors. What about other HTTP header parameters? Aren't they potential input vectors for SQL injection attacks? How can one test all these HTTP parameters and which vulnerability scanners to use in order to avoid leaving vulnerabilities undiscovered in parts of the appl...

20,472 0       SQL INJECTION CODE SECURITY HTTP HEADER


  The mystery of Duqu Framework solved

The Quest for Identification: In my previous blogpost about the Duqu Framework, I described one of the biggest remaining mysteries about Duqu – the oddities of the C&C communications module which appears to have been written in a different language than the rest of the Duqu code. As technical experts, we found this question very interesting and puzzling and we wanted to share it with the community. The feedback we received exceeded our wildest expectations. We got more than 200 comments and 60+ e-mail messages with suggestions about possible languages and frameworks that could have bee...

18,358 1       DUQU CODE MYSTERY OO C C++