Security challenges for the summer

Hello! The summer is here and the holidays are near! Planning something to do? Too much free time as you don’t have to do any exams in September? Looking for something to learn? Me too! 🙂 Each summer I plan something to learn, something to investigate… basically something to help me enjoy my free time! This summer I’m going to focus on: Firefox addons development (Check this Hackbar Google Code…

Web security news and the “Hack of the Year”

It has been a long time since my last post, but I was a bit busy with customer on-site testing. Nice days of application testing, but now it is time to write here again. Long ago I read a fantastic book about security named “The Art Of Intrusion”, written by the (in)famous Kevin Mitnick. He told amazing stories about security and intrusions without giving too many technical details about them, but enough to understand…

Back from RootedCon 2010 | InteliSecure

I know, I didn’t write anything about RootedCon as I promised last week, but following the congress I came up with some new ideas and I have been busy coding them. I don’t know how to describe the congress. “Simply amazing” is a good approach. I met a lot of fantastic people and saw a lot of friends again. And, of course, we talked and learnt about security, so,…

2010 CWE/SANS Top 25 Most Dangerous Programming Errors

A few weeks ago a new version was released of the “Top 25 Most Dangerous Programming Errors” list of coding bugs that MITRE and SANS released last year. This new version comes with a better layout for a better understanding of the risks and the remedies, and focuses on the identification of the problem. From my point of view, the table which defines the weakness by language is very interesting.…

Testing and virtual machines

Sometimes I need to test a specific software version or make a custom machine for a specific purpose, like developing in a particular language. Until now I have used my personal machine for it, but today I discovered something that I’m planning to adapt to my day-to-day. I was a bit lazy about creating virtual machines because I need to download a whole CD image, install it and later configure…

Mixed content in different browsers

In security, one of the oldest and most famous attacks is the Man In The Middle attack. With this technique we can read all the packets the user is sending to a server and analyse them. The solution? Use a secure layer to encrypt all the traffic. For web sites, this requires that the user’s browser use the HTTPS protocol. This relies on the authenticity of the server certificate and the…

Will you tell your enemies where you are?

In today’s society, where everyone has a 3G mobile, a Facebook account, a Twitter username and more, we sometimes forget about our privacy. These days the Foursquare web site is becoming very popular. It’s a very simple social game where you can tell your friends where you are. This is a nice way to meet new sites and catch your friends wherever they are. Foursquare also offers badges for different…