Browse by Tags: Research - The HP Security Laboratory Blog
SSLv3/TLS Renegotiation Stream Injection
Recently (Thursday 11/5/09), a few folks on the IETF mailing list went public with a limited Man-in-the-Middle attack on SSLv3 and TLS. There has been quite a bit of press coverage on this issue's severity. However, the way this attack can be...
Published 11-16-2009 11:00 AM by matt wood
Filed under: Research, TLS, SSLv3, MitM
Talking Headers: Part 3: The Fun
In Part 1 of the series on interesting headers, I talked about leaking hostnames. In Part 2, it was PHP errors. In Part 3 I bring you... the funny stuff. Not funny, like how Mark McGwire's rookie card is now $5 on eBay compared to the hundreds it...
Published 06-08-2009 12:29 PM by Chris Sullo
Filed under: Research, HTTP, Headers
Talking Headers: Part 2
While my rookie Mark McGwire cards aren't appreciating at all, my header collection is. Check these actual headers out: php warning: Unknown(): Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20020429/mysql.so'...
Published 06-03-2009 1:30 PM by Chris Sullo
Filed under: Research, HTTP, Headers, PHP
Talking Headers: Part 1
Some people collect coins, DVDs or comic books. Others collect cars or Star Wars toys. Among other things, I like to collect HTTP headers. They take up a lot less space than cars, and can have a much higher return value than Mark McGwire's rookie...
Published 05-29-2009 2:58 PM by Chris Sullo
Filed under: Research, HTTP, Headers
Sun releases Netscape Enterprise source--let the bug hunt begin?
Sun Microsystems announced today that Netscape Enterprise Server, one of the original grand-pappies of "modern" web servers (which excludes NCSA--sorry fanboys... I know you're out there), has been released under the BSD license. This isn't...
Published 01-16-2009 9:07 PM by Chris Sullo
Filed under: Research, vulnerabilities
URL Authentication - IE Silliness
IE dropped support for URL authentication (e.g., http://user:pass@example.com/) around 2004. There are plenty of discussions out there about the merits and problems with URL authentication, so I won't comment on it yet again. However, it is still...
Published 12-08-2008 5:53 PM by Chris Sullo
Filed under: Safari, Password Security, Research, Microsoft
Subdomains With Hyphens
I've been running a lightweight web crawler for a while just to look for interesting things. Recently I've noticed several web sites with hyphens at the beginning or end (or both) of their subdomain names/labels. The first time I saw it, I chalked it...
Published 12-02-2008 7:31 PM by Chris Sullo
Filed under: IE, Research
Finding SQL Injection with Scrawlr
You have likely been tracking the mass SQL Injections that are currently sweeping through the net. Just last night I was shopping on www.ihomeaudio.com when I noticed they had been injected (they have since fixed their site). HP started to observe these...
Published 06-24-2008 1:00 PM by erik.peterson
Filed under: Research, SQL Injection, Scrawlr, Microsoft