Author: Farhad

Paranoid or Prepared? The spies on your desk

I usually receive questions about why I have a sticker on the ambient light sensors of my laptops and phone. Some think I don’t know the difference between a light sensor and a camera and try to explain to me that this is not a camera. What they don’t know is that ambient light sensors can be…

The ancient world’s biggest security failure: security lessons from the Valley of the Kings

Thanks to Mastercard’s long annual leave (we have 25 days!) I took a two-week trip to Egypt earlier this month to visit a place I have always wanted to see: the burial tombs of the ancient pharaohs in the Valley of the Kings. As a security engineer, I could not help looking at these

How to land an entry level cybersecurity job

This post is a response to a friend who is looking for a cybersecurity role in a very challenging market. Since this has become a common problem these days, I decided to write a post rather than simply leaving a comment. Various statistics from multiple sources suggest that there is a wide gap in cybersecurity roles,…

Watering hole attacks: how APT and cyber criminals infiltrate secure infrastructures

My first encounter with the world of cyber-criminals occurred through a watering hole attack campaign many years ago. I visited a Persian website and discovered that it was downloading malware onto visitors’ browsers. I promptly contacted the site administrator, who informed me that they had no technical knowledge of the issue. It became apparent that…

Credential stuffing is no DDoS!

I have heard this many times over the course of the last several years: someone is experiencing a heavy DDoS attack on their website. When I ask them what type of attack they are experiencing, the answer is usually that the bad guys are sending them thousands or even millions of POST requests. When I

Application layer DDoS attacks, and how they can be mitigated

DDoS (distributed denial of service) and DoS (denial of service) attacks can be broadly classified into three categories based on the layers of the OSI model they target: network layer (Layer 3), transport layer (Layer 4), and application layer (Layer 7). Layer 3 and Layer 4 attacks are typically less complex, even though they might

WAF is dead, long live WAF!

A web application firewall (WAF) is a security tool used to defend against unwanted access to web applications. It is usually a security device that sits on top of the web server and defends against threats from the internet or from outside the network perimeter. Unlike Layer 3 (Network) and Layer 4 (Transport) firewalls, which…

How to deal with new tracking techniques; Zombie cookies and Canvas fingerprinting

Canvas fingerprinting and Zombie cookie trackers are not new; however, these methods have improved and become notorious for their effectiveness over time. Recently, a study showed that one in every four of the 10,000 most frequently visited websites on the internet uses canvas fingerprinting to track visitors with up to 99.9% accuracy. Tracking efforts try to collect…

The end of Suhosin; what is next?

For many years, I have zealously used Suhosin with any implementations of PHP5 on Apache2 or PHP-FPM Nginx webservers to defend against SQL injection and other common web attacks. In fact, PHP5 was so disastrous, both in terms of its core security and its functions and modules, that I could have never conceived using it