Recently by Nitesh Dhanjani

Given how rampant phishing and malware attempts are these days, I hope Apple chooses to not allow arbitrary web applications to scroll the real Safari address bar out of view.
I feel the risk posed by how URL Schemes are handled in iOS is significant because it allows external sources to launch applications without user interaction and perform registered transactions. Third party developers, including developers who create custom applications for enterprise use, need to realize their URL handlers can be invoked by a user landing upon a malicious website and not assume that the user authorized it. Apple also needs to step up and allow the registration of URL Schemes that can instruct Safari to throw an authorization request prior to yanking the user away into the application.
But what happens when patients volunteer their private medical records into the public domain? In this article, I'd like to present my thoughts on this topic.
In order to influence users to promote positive cultural change in security related behavior, the enforcers must comprehend additional variables such as the difference in the perspective of risk to the individual, psychological biases and simple behavioral economics.
It is my opinion, that regardless of the platform, the online social space has created a condition where the end users must ultimately collaborate to initiate an ongoing privacy arms race to poison the intelligence collected of them. To promote this sentiment, and to further the cause of research in this field, I'd like to announce the AntiSocial project.
2 years later from my original disclosure, the Carpet Bomb vulnerability on OSX remains un-patched.
In their explanation on the developer wiki, Facebook explicitly states that 3rd party applications that use this feature can only gather information about the given user that may be publicly search-able anyway. However, this assurance from Facebook is without merit because the implied reasoning is based upon flawed assumptions: the act of users choosing to make some of their information publicly search-able does not imply in any way that the users are granting the ability for rogue 3rd party applications to uncloak their identity (and data).
My new book "Hacking: The Next Generation" is now available.
I will be presenting Psychotronica: Exposure, Control, and Deceit at the Hack in the Box Conference in Dubai (20th - 23rd April 2009).
Amazon EC2 is an extraordinarily powerful infrastructure available to anyone with a stolen credit card. Even if someone is able to use the EC2 platform for a few hours with a stolen credit card, he or she will be able to initiate a vicious cycle that may become impossible to halt.

News Topics

Recommended for You

Got a Question?