Information Security News
Visa refused for incorrect reasons Australia Forum On May 6th 2013, I received an email from the address [email protected]****************, titled "RE: T4 ******************* - Zawar - Request Documents or Info [SEC=UNCLASSIFIED]". The text of this email is as follows: UNCLASSIFIED Hi Please email ...
Was just browsing my web logs again, and came across this stupid little SQL injection attempt:
GET //diary.html?storyid=3063//////////////-999.9+union+select+0-- HTTP/1.1
There were more like it. The reason I call this "stupid and simple" is that it probably didn't even work if I was vulnerable (mysql at least requires a space after the comment). So I was looking for other attempts (I found a few), but they had similar elemental mistakes, or used well-known "bad" user agents that are frequently blocked (Firefox 3.5.9?! Really?).
So I was wondering: Why don't I ever see "better" attacks? One issue may be that web logs usually don't capture the "POST" request data. If you capture it at all, you capture it using a WAF or IDS if the request was suspect. Also, capturing full posts presents other problems. The data could be quite large, and may contain personal data that had better not be logged (usernames and passwords).
Anybody got a good way of logging "sanitized" POST requests?
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
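The post above asks two things: why the logged injection attempts look so crude, and how to log POST data without writing secrets to disk. The script below is an added example (not code from the ISC diary or its author) that addresses both from the defender's side. It parses constructed access-log lines of the same shape as the quoted request, decodes the query string and reports which phrase-level indicators (UNION SELECT, tautology, SQL comment terminator) fire on it, so a malformed probe is still counted. It then renders a form-encoded POST body in a loggable form: password-like fields are reduced to their length, username and e-mail fields to a short hash prefix so requests can still be correlated, other values are truncated, and a value that itself carries an injection indicator is kept (capped) as evidence. The sample log lines, the field-name sets and the indicator list are all constructed assumptions, not anything from the post.

```python
import hashlib
import re
from urllib.parse import parse_qsl, unquote_plus

# Constructed sample access-log lines (not from the diary). The first mirrors the shape of
# the request quoted in the post; the other two are benign traffic for comparison.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Jul/2013:10:02:11 +0000] "GET //diary.html?storyid=3063//////////////-999.9+union+select+0-- HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/3.5.9"
198.51.100.4 - - [06/Jul/2013:10:02:15 +0000] "GET /diary.html?storyid=3063 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [06/Jul/2013:10:03:02 +0000] "GET /search?q=union%20station HTTP/1.1" 200 800 "-" "Mozilla/5.0"
"""

# Combined log format up to the status code; the rest of the line is not needed here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r"(?P<status>\d+)"
)

# Phrase-level indicators rather than single keywords, so that a search for
# "union station" does not fire. The "--" terminator is flagged with or without a
# trailing space: a probe that would not parse is still a probe worth counting.
SQLI_INDICATORS = [
    ("union-select", re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I)),
    ("tautology", re.compile(r"\bor\b\s+\d+\s*=\s*\d+", re.I)),
    ("sql-comment", re.compile(r"--|/\*")),
]


def indicators_for(text):
    """Return the names of the indicators that fire on already-decoded text."""
    return [name for name, pattern in SQLI_INDICATORS if pattern.search(text)]


def decoded_query(target):
    """Decode the query string of a request target such as /page?id=1+union+select+0--.

    The target is split on '?' by hand because urlsplit would read a leading '//' as a
    host component, as in the doubled-slash request quoted in the post.
    """
    return unquote_plus(target.partition("?")[2])


def scan_access_log(text):
    """Return (ip, target, indicator names) for every log line whose query looks injected."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = indicators_for(decoded_query(m.group("target")))
        if hits:
            findings.append((m.group("ip"), m.group("target"), hits))
    return findings


# Assumed field names: secrets are never written, identity fields are hashed.
SECRET_FIELDS = {"password", "passwd", "pwd", "pass", "token", "otp", "cvv"}
IDENTITY_FIELDS = {"username", "user", "login", "email"}
MAX_VALUE_LEN = 48


def sanitize_post_body(body, max_len=MAX_VALUE_LEN):
    """Render an application/x-www-form-urlencoded body as a loggable string.

    Order matters: secrets are redacted unconditionally; any other value that carries an
    injection indicator is kept (capped at 4 * max_len) because it is evidence rather than
    personal data; identity fields become a hash prefix; everything else is truncated.
    """
    parts = []
    for key, value in parse_qsl(body, keep_blank_values=True):
        k = key.lower()
        hits = indicators_for(value)
        if k in SECRET_FIELDS:
            parts.append(f"{key}=<secret len={len(value)}>")
        elif hits:
            parts.append(f"{key}={value[:4 * max_len]!r} flags={','.join(hits)}")
        elif k in IDENTITY_FIELDS:
            digest = hashlib.sha256(value.encode()).hexdigest()[:12]
            parts.append(f"{key}=<id sha256:{digest}>")
        elif len(value) > max_len:
            parts.append(f"{key}={value[:max_len]!r}...(+{len(value) - max_len})")
        else:
            parts.append(f"{key}={value!r}")
    return " ".join(parts)


if __name__ == "__main__":
    for ip, target, hits in scan_access_log(SAMPLE_LOG):
        print(f"{ip} {target} -> {','.join(hits)}")
    print(sanitize_post_body("username=alice&password=hunter2&comment=hello"))
    print(sanitize_post_body("username=' or 1=1--&password=x"))
```

The sanitizer is meant to sit in the application or WAF layer that already sees the decoded body, which is the only place the "is this an attack payload or a credential?" decision can be made per field; a plain web server logging raw POST bodies cannot make it.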
Aamir Lakhani FederalNewsRadio.com Writing under the pseudonym Dr. Chaos, Lakhani also operates the DrChaos.com blog. In their recent list of 46 Federal Technology Experts to Follow on Twitter, Forbes magazine described Aamir Lakhani as "a blogger, infosec specialist, super hero...and ...
How Google and Blue Box sparked an important open source discussion Network World Forristal is enjoying the notoriety that will pack his talk at the INFOSec industry's Black Hat Conference in August, but his motivation extends beyond self promotion and appears to be sincere. Unless Forristal's Linkedin profile has been contrived, he ...
I would not allow users Admin access by default. This is a practice that can have serious security repercussions.
Give "Admins" a power user account and then tweak it further using GPO and AppLocker. Set up logging for Admin and standard user accounts.
SANS opens registration for Dubai 2013 InfoSec training AME Info (press release) SANS Dubai 2013, the Gulf Region's largest InfoSec training event has opened for online registration including 'early bird' discounts. The event will be held at the Hilton Dubai Jumeirah resort from October 26th till November 7th 2013 with a roster of ...
Posted by InfoSec News on Jul 16
http://www.koreaherald.com/view.php?ud=20130716000896
Posted by InfoSec News on Jul 16
http://www.bankinfosecurity.com/retail-breach-hits-hawaii-restaurants-a-5910
Posted by InfoSec News on Jul 16
http://news.nationalpost.com/2013/07/14/with-espionage-at-cold-war-levels-csis-warns-travelling-spies-not-to-fall-for-sexual-honey-traps/
Posted by InfoSec News on Jul 16
http://www.pcmag.com/article2/0,2817,2421782,00.asp
Posted by InfoSec News on Jul 16
Forwarded from: cfp (at) ruxcon.org.au