Category Archives: articles

Pointing the finger

I’ve just seen on the news today that German supermarkets are using biometric data like fingerprints to purchase goods. They claim increased convenience and the ability to earn points just by using your finger. It all sounds good to the average consumer, but what would happen if this method were used instead of debit/credit cards?
In [...]

CSRF browser protection

I like the topic of CSRF because it’s such a difficult problem to solve. I was thinking about ways a browser can prevent CSRF and I’ve come up with the following solutions:-
1. After a domain name, any image/object/frame etc. request is truncated by a user-definable setting.
Limiting the amount of data an attacker can use [...]

How I found the Safari exploit

Introduction
I hope you found my posts on the Safari security holes interesting. In this post I’m going to try to explain how I think and how I managed to work out an exploit for Safari. This post will be unusual for me because generally I try to keep my writing short and sweet, but in [...]

Keeping safe online

OK, I apologise for the cheesy title but it’s all that I could think of. A mate of mine asked me to do a post on how to protect your browser when you’re online, so here goes. First off, it’s impossible. That’s right, impossible: you can’t make your browser 100% secure; all you can [...]

Forgotten password

The easiest avenue into a site
I’ve been writing an email web application recently and I have been thinking about making the forgotten password feature more secure, as it is often the easiest avenue for an attacker to get into your web site. The major issue with these features is information disclosure; for example, if you [...]

The mindset of a hacker

Swordfish, yeah right!
The glorified media definition of a hacker is wrong; a hacker isn’t Swordfish [1]. A hacker enjoys what he/she does and is motivated by the willingness to learn, not by profit. It is important to identify whether you have a hacker in your business because you need to approach them in a different [...]