security

Contacts Theft And Eavesdropping Powered By Viber For Desktop

Contacts Theft And Eavesdropping Powered By Viber For Desktop

Straight to the point: Viber, due to poor security management across devices, will allow an attacker to easily steal all of your contacts and to monitor all of your conversations.

сеп 26 2015
Nastavak

[Video] XSS via malicious user agent

[Video] XSS via malicious user agent

I few days ago I’ve done some tests with Firefox add-on called User Agent Switcher. What I was trying to test is how social networks (Twitter, Facebook, Foursquare) react to sudden change in user agent. But then I came to a better idea. User agents, along with other data from your browser (browser info) and PC, are being increasingly used to track users on the web for marketing and security reasons. These data are in the core of systems called cookieless device fingerprinting. Number of websites that use this type of data is growing as we speak. If you don’t control how you store an show this data in your admin panel there is an easy way for you to get XSSed. In this post I’ll show you how.

јан 19 2014
Nastavak

How Misuse of the bit.ly Service Can Lead to Information Leakage

URL shortening services, like goo.gl, bit.ly, or ow.ly, are very popular on the Internet nowadays and are frequently used. These services are a good and useful product that make the everyday use of the Internet easier and more pleasant for everyone. They take ugly and long URLs and make them short and easy to remember.
Certain services offer the option of having insight into the click analytics, so that we can track how many sad souls clicked on the link to the Lana Del Rey’s song that we posted on our Facebook profile: http://goo.gl/a1E3J
However, bit.ly took it even further, in addition to offering analytics and having a certain kind of a social network, with allowing users to create custom URLs (for example: http://bit.ly/sikanja takes you to my LinkedIn profile). I find playing with this particularly interesting and I often make custom URLs for lots of different things (by the way, bit.ly is not the only service that offers this feature).

Why am I mentioning these services on the fraud and security blog? They’re infamous for their abuse in spam and phishing attacks, but this time we’re not going to talk about that. In this post, I will show you an example of how improper use of these services can jeopardize both your privacy and the information security of the company you work for. Also, marketing managers will find useful information about spying on the yet unpublished information by their competitors.

дец 16 2013
Nastavak