During BlackHat USA, there were sightings of a mysterious white ninja. Witness reports claim he spoke with an English accent at 300 words per minute, raved on about sandboxing code, and plotted to take over the Web with a worm to wake people up (but just for a day). Anyone know who this phantom figure is? Bonus points for posting the best photo caption. I’m thinking “practice safe output encoding”.
I'll be visiting Cincinnati briefly tomorrow (Thu, 21 Aug 2008) to give my talk entitled Security 2.0 at the local PHP user group, OINK-PUG. Elizabeth Naramore is kindly hosting me, so I'll be able to fraternize after the meeting, which is always the best part of any user group.
This talk is one of the least PHP-specific talks I give, so if you're in the area and interested in learning a bit more about evolving trends in web application security, I hope you'll join us. In case it helps >>
shiflett
- ha.ckers: MySQL Truncation Etc…
- ha.ckers: HTML 5.0

Photobucket is, by far, one of the largest photo-sharing sites in the world. It is generally used for personal photographic albums, remote storage of avatars displayed on Internet forums, and storage of videos.
Lots of people may opt to keep their albums private, allow password-protected guest access, or open them up to the public. And now this photo-sharing site is being attacked by phishers.
The login page above looks exactly like the original site that lures the users >>
trendmicro
- Technet: IE 8 XSS Filter Architecture / Implementation
- : Token Security Is Just That
- webappsec: [WEB SECURITY] OWASP DirBuster 0.11.1 Released
Good news! Matt Miller, author of plenty of cutting-edge security research, including my fave “A Brief History of Exploitation Techniques and Mitigations on Windows” has joined the Security Science team to work on improved ways to find security vulnerabilities and better software defenses through mitigations. Most recently, Matt’s been focused on design review for Windows 7.
Matt brings a massive amount of real-world exploit and defense experience to our team. Learn more ab >>
Microsoft
08-14-2008 22:20
Security is bigger than finding and fixing bugs
I just wrapped up a post over on the SDL blog with some comments about an article on Google's security work.
>>
Filed under: Analysis / Opinion, Gaming, Software, Apple, Security
As if Mac gaming needed more problems getting off the ground. Transgaming has proudly announced that in the future, their games will include Sony's SecuROM digital rights management software. They don't mention which games will be getting the extremely restrictive DRM (that some folks have compared to malware), but we're guessing all of them, which means the Mac version of Spore will be on that list, as well as those upcomi >>
Recently we announced the Internet Explorer 8 XSS Filter and talked a bit about its design philosophy. This post will describe the filter’s architecture and implementation in more detail.
Design Goals
The Internet Explorer 8 XSS Filter is intended to mitigate reflected / “Type-1” XSS vulnerabilities in a way that does not “break the web.” Our baseline approach needs to satisfy the following three conditions:
The XSS Filter must be compatible. There should >>