Michael Sutton's Blog

  • A Tour of the Google Blacklist

    [Update 01.10.07: In response to some of the queries that I've been receiving, I've published a follow-up blog to discuss the structure/decryption algorithm of Google's Encoded/Hashed Blacklist.] I recently decided to devote a day to walking...
  • How Prevalent Are SQL Injection Vulnerabilities?

    [Update 01.31.07 - A follow-up blog on the prevalence of XSS vulnerabilities has now been posted.] [Update 01.17.07 - This blog is now also available as a webcast.] Earlier this month, Mitre revealed that web application vulnerabilities have now claimed...
  • Why All The Hype About 0day?

    The term "0day" has the power to make sys admins cringe. It is the greatest fear of anyone tasked with protecting critical assets - a problem without an easy solution. Why? No, seriously, why? 0day is a neon sign in the middle of Times Square. Once...
  • Decoding the Google Blacklist

    After publishing last week's blog entitled 'A Tour of the Google Blacklist', I received a few queries about Google's encoded/hashed blacklist (enchash). This blacklist is separate from the unencoded blacklist that was the focus of the...
  • Top 10 Signs You Have an Insecure Web App

    I often surf the web and see blatant design errors that make me shake my head. Without even investigating the security of a site, I know without a doubt that the site will be chock full of vulnerabilities. How can I be so sure? I see programming mistakes...
  • Phree Phishing

    I recently blogged about the phishing pages that I found during a Tour of the Google Blacklist. In that posting I noted how I was surprised to find that Yahoo! was actually hosting phishing sites designed to phish Yahoo! credentials. Not surprisingly...
  • Fun With Google Code Search

    Yesterday, Google Labs launched a search tool that has many developers salivating. It's called Google Code Search (GCS) and allows developers to search source code from other projects to assist them in finding code for reuse. It has some impressive...
  • How Prevalent Are XSS Vulnerabilities?

    How Prevalent Are Cross Site Scripting (XSS) Vulnerabilities? Based on a recent experiment, I wasn't surprised to see that they're everywhere and finding dozens at a time doesn't present much of a challenge. Back in September, 2006 I sought...
  • What is Google Binary Search and Should We Fear It?

    Background: The so-called Google Binary Search (GBS) gained a fair bit of press attention in July 2006, when PC World published an article entitled 'Google's Binary Search Helps Identify Malware'. In the article, Websense revealed that they...
  • Will EV SSL Certificates Work?

    What are EV SSL certificates? With the explosion of phishing attacks and identity theft, a new form of SSL certificate is ready to hit the Internet. This new certificate is known as an Extended Validation (EV) SSL certificate and is designed "to...
  • What is Web 2.0?

    Web 2.0 may be the most ill-defined technology term to date. Everyone uses the term, but I have yet to hear a decent definition of it. O'Reilly Media is credited with coining the phrase, and Tim O'Reilly defines Web 2.0 as: "Web 2.0 is the...
  • Microsoft Black Tuesday - February 2007

    This month Microsoft decided to play catch-up and hit us with a hefty 12 security bulletins covering 20 vulnerabilities, 13 of which were critical. The volume was not surprising given that Microsoft pulled four of eight planned bulletins four days before...
  • The True Value of Third Party Patches

    The number of so-called 0day vulnerabilities seems to be on the rise, and in response to this threat, a number of security researchers are pooling their skills to produce third-party patches. There are plenty of arguments for why we're seeing this...
  • Evaluating Security Tools

    All companies face the challenge of evaluating security tools that they will procure, but knowing where to start can be a daunting task. While there's no perfect way to ensure that a product meets your needs, a little due diligence is essential. Fortunately...
  • Microsoft Black Tuesday - October 2006

    And the file format vulnerabilities keep on coming! If the 2006 Microsoft security bulletins have had a theme, that theme has been file format vulnerabilities in media formats and Office documents. We kicked off 2006 with an out-of-cycle patch for the...