Comments for Prominent Security

Comment on Comcast DNS Hijacking and Web Security by wap tek

wap tek — Tue, 29 Mar 2011 16:52:08 +0000

it is now 2011 03 29 9:49am and comcast is still dns hijacking,,,GAAAAAAAAAAAAAAAAAAAaaaaaaaaaaaaaaaAAAAAAAAAAAAA!!!!!!!!!!!!

Comment on Facebook Delete Friends CSRF Flaw by Amy M

Amy M — Wed, 27 Oct 2010 20:11:30 +0000

I think that this same security flaw has reappeared– this time in a group. I am a member of a facebook group called 1 MILLION Strong AGAINST the Arizona Immigration Law SB1070 that had grown to 1,630,000 members. The numbers continued to grow steadily but then the membership numbers began to inexplicably drop a few months ago. Now they are disappearing at a rate of about 1,000+ per day (the numbers really started falling fast after the admins closed the group… which indicates that the continued new members were offsetting the deleted members to some extent). Several members have reported that they were dropped off the membership roles for no reason. If you know of any information about this or would like more info please feel free to contact me. Facebook has been notified but so far the bleeding of members has continued unabated.
Thanks

Comment on Twitter and Facebook, and the rise of clickjacking. by Humidity Temperature :

Humidity Temperature : — Sun, 24 Oct 2010 19:42:18 +0000

there is a growing trend in mobile websites this year alone-`-

Comment on Twitter and Facebook, and the rise of clickjacking. by LED Grow Light

LED Grow Light — Wed, 13 Oct 2010 08:39:44 +0000

there are growing number of mobile websites these days, there would be more in the future..’

Comment on ProminentDork 1.0, automating web security auditing using Google dorks by Amanda

Amanda — Sat, 29 May 2010 13:22:11 +0000

I wish i could speak computer. FML.

Comment on Facebook Delete Friends CSRF Flaw by Amanda

Amanda — Sat, 29 May 2010 13:21:26 +0000

Thats my son in that video.

Comment on Facebook Delete Friends CSRF Flaw by xdemo

xdemo — Sat, 22 May 2010 18:32:13 +0000

thanks for the interesting post.
pretty basic flaw for a site such as facebook to have… they just seem to keep coming and coming lately.

also like to say, nice blog! i’ve bookmarked it and i’ll come back regularly if i can remember ;p

Comment on Facebook Delete Friends CSRF Flaw by t3st

t3st — Sat, 22 May 2010 07:10:42 +0000

Thank you for infomation

However, how can I know if the vulnerability has been fixed ?

Comment on Comcast DNS Hijacking and Web Security by Leo Charre

Leo Charre — Tue, 11 May 2010 15:59:23 +0000

This *must* be a marketing/redtape type of people major screwup- I’m sure the I.T. staff realize that hijacking http is insane. I hope they get the nuts to grab management by the collar and ‘explain’ to them they have to stop doing this.

Comment on Lockerz.com, and the importance of data validation. by Steve

Steve — Wed, 28 Oct 2009 23:41:33 +0000

It depends how the hashing function is implemented. Say for example we know they are using the popular MD5 hashing algorithm, we still don’t know what other data they are adding to the score value or in what way they are manipulating the pre-existing data prior to hashing it. We can try different things such as concatenating the other information passed with the hash to the end of the score value, or even appending the UNIX time-stamp of the time the request was made to the end of the score value and then comparing it to the hash generated. But in the end, the hash is generated server side and anything can be done or added to the data privately prior to it being hashed by the public hashing algorithm. This makes it almost impossible to figure out. This type of hash is known as a salted hash and is quite common in request validation since it is very simple to implement. So, unless we find out what other data is being hashed along with the score, or in what way that data is being manipulated prior to being hashed, there is nothing we can do in an attempt to mimic the hashed score and send it off to the server.