Why do testers often use the single quote ( ' ) to test for SQL injection?
It has been seen that security testers input either ' or ; into the application entry points to test for SQL injection. Why are these characters used?
When I push/pull repos on GitHub over SSH, sometimes there will be a message about an unidentified server which asks if I want to trust and add it to known_hosts. Apparently this is because GitHub has multiple IPs.
What I don’t understand is why…
I want to have users log in by entering an email, and then proving that they control that email. I only care that they do control the email, and so want to avoid adding another password to the process if I can safely defer to the security gua…
The FireEye Labs Advanced Reverse Engineering (FLARE) Team continues
to share knowledge and tools with the community. We started this blog
series with a script for Automatic
Recovery of Constructed Strings in Malware. As always, you can
downl…
Is it possible to configure an access point to use one-time passwords for authentication and encryption?
Today we released four security bulletins addressing 42 unique CVEs. One bulletin has a maximum severity rating of Critical and the other three have maximum severity Important. This table is designed to help you prioritize the deployment of updates ap…
In Linux, do sudo and su belong to Capability-based security?
For example, when editing a system file, we usually need sudo or su to temporarily switch to user root. Does this example belong to capability-based security, or to protection…