I Am Security

Tag: research

  • New Orkut worm takes us back in the wayback machine

    by

    iamit
    in ,

    I just love it how old news are recycled with a bit of a flare when they become relevant again. The latest Orkut worm reports talk about the technique that the worm writer has used to distribute its code. Quoting from the original article above: “It then downloads and executes a heavily obfuscated JavaScript”… looking…

  • IFRAME is a security risk???

    by

    iamit
    in ,

    Ok, I have just read the latest in “IFRAME Security” articles and had to write something about it. While going through my usual RSS feeds, I stumbled onto this article, which tries to summarize why “iframes are a security risk”. Not to pick on the specific article, but this is not the first time that…

  • Playing with obfuscators – teaching an old dog new tricks…

    by

    iamit
    in ,

    So our Malicious Page of the Month for September is out now. Going over the details of the document, I wanted to re-visit an old habit I had back in the days of putting code to the test – especially when the code in subject is simple, and has been signature to hell by every…

  • Hitting the nail on the head

    by

    iamit
    in , ,

    When we here at the MCRC are publishing our quarterly trends reports (http://www.finjan.com/Content.aspx?id=827), we are always facing the possibility that what we have been working on and predicting that would become the next issue with web security, isn’t really going to happen. Fortunately, we keep getting great feedback from the community since we started the…

  • Vista Sidebar Vulnerability

    by

    iamit
    in ,

    Or how a contact may get too close for comfort… It’s finally here. August 14th, and we are finally in liberty to talk about the vulnerability in the Vista Sidebar Contacts Widget. As you may or may not know – when we presented “The Inherent Insecurity of Widgets and Gadgets” a few days ago at…