Makl Ndrix

Category: security

  • Privacy in a widgeted world

    The Internet as we use it today, has very little privacy left. We all say that Facebook and Google know “too much”, only to realise that they don’t know anything aside from what we feed them, or do they? Welcome the “widget”. A piece of html (with css, javascript..) to be included in another page,…

  • JQlog: JQuery Keylogger, or why not to trust your proxy admin.

    Note that this post is for awareness and educational purposes only. I do not encourage, and cannot be held responsible for malicious actions using these tools. The Internet, as it is today, is a mash-up of JavaScript enabled services, often included from external websites. Internet companies offer so-called widgets, which are JavaScript tools that can…

  • Widgets or IFrame hacks, how would we know?

    A particular aspect in IT security is injecting malware into websites. Often leading to so-called “drive by downloads“. This malware is often inserted due to a browser vulnerability which gets executed by, say, Javascript. The latter is usually “inserted” in a legitimate website using a hidden <IFRAME> tag or similar. How can this be stopped?…

  • Logging into SSH with a different username

    I love SSH. SSH is the de-facto service for remote server management, especially in a CLI environment. Being a avid Linux user, and spending quite a bit of time on OSX lately, I often SSH into several servers remotely. Being subject to “username conventions”, you don’t always share the same username across machines. And I…

  • MS08-67 released out of the patch cycle, new blaster coming up?

    A newly discovery vulnerability made Microsoft release a security patch aside from it’s usual cycle, the notorious Patch Tuesday. This “Patch Tuesday” is normally every second Tuesday of the month. MS08-067 fixes a bug in the RPC handling of the Windows Server service. The bug was deemed as “critical” on pre-Vista machines, which is still…

  • Minimalistic browser, Google’s Chrome

    Google came out with a new browser, called Chrome. A company that pushes so much into a browser, made their own browser with minimalistic design (as usually done by google) multiple features, such as the incognito windows (wont leave traces in your sites’s history), the built in javascript console, V8 Javascript engine. See it as…

  • Dubai jails yahoo email account hacker

    An Egyptian secretary guessed the password of a yahoo account of an Emirati UN employee, and was sentenced to three months in jail and deportation. The “hacker” emailed the victim that he broke into her email account, and was going to release pictures and “other secrets” of her, according to GulfNews. Not the cybercrime caliber…