Straight to the point: Viber, due to poor security management across devices, will allow an attacker to easily steal all of your contacts and to monitor all of your conversations.
-
„Tihi“ SPAM na Twitter-u – kako prevaranti pokušavaju da zaobiđu sisteme zaštite
Spam, generalno rečeno, predstavlja jedan od najvećih problema na internetu danas. Gotovo nikada ne dolazi sam već je isprepletan sa drugim vidovima sajber kriminala. Borba protiv spam naloga i...
-
Top 4 odluke za vašu sajber bezbednost u 2014.
Nova godina je i vreme je za postavljanje novih ciljeva i donošenje novih odluka. Neki su krenuli sa dijetom, neki će prestati da puše i manje će da se nerviraju. Ipak, u ovom postu bavićemo se...
-
Windows XP nakon 08.04.2014. – ozbiljna pretnja za vašu sigurnost. Šta je rešenje?
Kao što je tokom 2013. godine najavljeno 8. aprila 2014. godine Microsoft će ukinuti podršku i sigurnosne zakrpe za Windows XP. Time će jedan od najdugovečnijih Microsofovih operativnih sistema...
-
Banke, ne dozvolite da vam sigurnost bude ubica korisničkog iskustva!
1.1.2014. na snagu stupa Odluka o minimalnim standardima upravljanja informacionim sistemom finansijske institucije koju je donela NBS. Pitanje problematike ove odluke i njen uticaj na korisničko...
-
[Osnove sigurnosti] Kako da ne zarazite računar kada koristite torrent
Da imam nameru da postavim suvišno pitanje korisniku interneta u Srbiji pitao bih ga da li koristi torrent za download fajlova sa interneta. Naravno da koristi, čemu u prilog govori i...
-
O sigurnosti banaka u Srbiji – analiza slučaja krađe 985 000 evra
U subotu 16. novembra 2013. kao glavnu vest domaći mediji preneli su informaciju o hapšenju lica koje je oštetilo banku Intesu za čak 985.000 evra. Šta se zapravo dogodilo? Uhapšeno lice je...
JavascriptUser agentXSSsecurity
![[Video] XSS via malicious user agent](http://www.e-sigurnost.net/Blog/wp-content/uploads/2014/01/BeHbLXXCMAE3-_Y.pnglarge-150x150.png)
[Video] XSS via malicious user agent
I few days ago I’ve done some tests with Firefox add-on called User Agent Switcher. What I was trying to test is how social networks (Twitter, Facebook, Foursquare) react to sudden change in user agent. But then I came to a better idea. User agents, along with other data from your browser (browser info) and PC, are being increasingly used to track users on the web for marketing and security reasons. These data are in the core of systems called cookieless device fingerprinting. Number of websites that use this type of data is growing as we speak. If you don’t control how you store an show this data in your admin panel there is an easy way for you to get XSSed. In this post I’ll show you how.
bit.lyinformation securitysecurity
How Misuse of the bit.ly Service Can Lead to Information Leakage
URL shortening services, like goo.gl, bit.ly, or ow.ly, are very popular on the Internet nowadays and are frequently used. These services are a good and useful product that make the everyday use of the Internet easier and more pleasant for everyone. They take ugly and long URLs and make them short and easy to remember.
Certain services offer the option of having insight into the click analytics, so that we can track how many sad souls clicked on the link to the Lana Del Rey’s song that we posted on our Facebook profile: http://goo.gl/a1E3J
However, bit.ly took it even further, in addition to offering analytics and having a certain kind of a social network, with allowing users to create custom URLs (for example: http://bit.ly/sikanja takes you to my LinkedIn profile). I find playing with this particularly interesting and I often make custom URLs for lots of different things (by the way, bit.ly is not the only service that offers this feature).
Why am I mentioning these services on the fraud and security blog? They’re infamous for their abuse in spam and phishing attacks, but this time we’re not going to talk about that. In this post, I will show you an example of how improper use of these services can jeopardize both your privacy and the information security of the company you work for. Also, marketing managers will find useful information about spying on the yet unpublished information by their competitors.
