tag:broadcast.oreilly.com,2008-08-07://53 2010-11-28T11:49:16Z Movable Type Pro 4.21-en tag:broadcast.oreilly.com,2010://53.43451 2010-11-28T11:49:16Z 2010-11-28T11:49:16Z

Given how rampant phishing and malware attempts are these days, I hope Apple chooses to not allow arbitrary web applications to scroll the real Safari address bar out of view.

Nitesh Dhanjani Given how rampant phishing and malware attempts are these days, I hope Apple chooses to not allow arbitrary web applications to scroll the real Safari address bar out of view. tag:broadcast.oreilly.com,2010://53.43298 2010-11-08T09:37:23Z 2010-11-08T09:37:23Z

I feel the risk posed by how URL Schemes are handled in iOS is significant because it allows external sources to launch applications without user interaction and perform registered transactions. Third party developers, including developers who create custom applications for enterprise use, need to realize their URL handlers can be invoked by a user landing upon a malicious website and not assume that the user authorized it. Apple also needs to step up and allow the registration of URL Schemes that can instruct Safari to throw an authorization request prior to yanking the user away into the application.

Nitesh Dhanjani I feel the risk posed by how URL Schemes are handled in iOS is significant because it allows external sources to launch applications without user interaction and perform registered transactions. Third party developers, including developers who create custom applications for enterprise use, need to realize their URL handlers can be invoked by a user landing upon a malicious website and not assume that the user authorized it. Apple also needs to step up and allow the registration of URL Schemes that can instruct Safari to throw an authorization request prior to yanking the user away into the application. tag:broadcast.oreilly.com,2010://53.43040 2010-09-29T09:00:02Z 2010-09-29T09:00:02Z

But what happens when patients volunteer their private medical records into the public domain? In this article, I'd like to present my thoughts on this topic.

Nitesh Dhanjani But what happens when patients volunteer their private medical records into the public domain? In this article, I'd like to present my thoughts on this topic. tag:broadcast.oreilly.com,2010://53.42915 2010-09-12T23:34:32Z 2010-09-12T23:34:32Z

In order to influence users to promote positive cultural change in security related behavior, the enforcers must comprehend additional variables such as the difference in the perspective of risk to the individual, psychological biases and simple behavioral economics.

Nitesh Dhanjani In order to influence users to promote positive cultural change in security related behavior, the enforcers must comprehend additional variables such as the difference in the perspective of risk to the individual, psychological biases and simple behavioral economics. tag:broadcast.oreilly.com,2010://53.39985 2010-06-01T07:23:41Z 2010-06-01T07:23:41Z

It is my opinion, that regardless of the platform, the online social space has created a condition where the end users must ultimately collaborate to initiate an ongoing privacy arms race to poison the intelligence collected of them. To promote this sentiment, and to further the cause of research in this field, I'd like to announce the AntiSocial project.

Nitesh Dhanjani It is my opinion, that regardless of the platform, the online social space has created a condition where the end users must ultimately collaborate to initiate an ongoing privacy arms race to poison the intelligence collected of them. To promote this sentiment, and to further the cause of research in this field, I'd like to announce the AntiSocial project. tag:broadcast.oreilly.com,2010://53.39939 2010-05-22T23:54:25Z 2010-05-22T23:54:25Z

2 years later from my original disclosure, the Carpet Bomb vulnerability on OSX remains un-patched.

Nitesh Dhanjani 2 years later from my original disclosure, the Carpet Bomb vulnerability on OSX remains un-patched. tag:broadcast.oreilly.com,2010://53.39554 2010-04-06T09:38:50Z 2010-04-06T09:38:50Z

In their explanation on the developer wiki, Facebook explicitly states that 3rd party applications that use this feature can only gather information about the given user that may be publicly search-able anyway. However, this assurance from Facebook is without merit because the implied reasoning is based upon flawed assumptions: the act of users choosing to make some of their information publicly search-able does not imply in any way that the users are granting the ability for rogue 3rd party applications to uncloak their identity (and data).

Nitesh Dhanjani In their explanation on the developer wiki, Facebook explicitly states that 3rd party applications that use this feature can only gather information about the given user that may be publicly search-able anyway. However, this assurance from Facebook is without merit because the implied reasoning is based upon flawed assumptions: the act of users choosing to make some of their information publicly search-able does not imply in any way that the users are granting the ability for rogue 3rd party applications to uncloak their identity (and data). tag:broadcast.oreilly.com,2009://53.37886 2009-09-05T21:12:31Z 2009-09-05T21:12:31Z

My new book "Hacking: The Next Generation" is now available.

Nitesh Dhanjani My new book "Hacking: The Next Generation" is now available. tag:broadcast.oreilly.com,2009://53.35731 2009-03-30T10:10:42Z 2009-03-30T10:10:42Z

I will be presenting Psychotronica: Exposure, Control, and Deceit at the Hack in the Box Conference in Dubai (20th - 23rd April 2009).

Nitesh Dhanjani I will be presenting Psychotronica: Exposure, Control, and Deceit at the Hack in the Box Conference in Dubai (20th - 23rd April 2009). tag:broadcast.oreilly.com,2009://53.35570 2009-03-11T09:42:11Z 2009-03-11T09:42:11Z

Amazon EC2 is an extraordinarily powerful infrastructure available to anyone with a stolen credit card. Even if someone is able to use the EC2 platform for a few hours with a stolen credit card, he or she will be able to initiate a vicious cycle that may become impossible to halt.

Nitesh Dhanjani Amazon EC2 is an extraordinarily powerful infrastructure available to anyone with a stolen credit card. Even if someone is able to use the EC2 platform for a few hours with a stolen credit card, he or she will be able to initiate a vicious cycle that may become impossible to halt. tag:broadcast.oreilly.com,2009://53.35411 2009-02-24T14:46:15Z 2009-02-24T14:46:15Z

The Gartner press release makes extraordinary claims on how much phishing costs businesses: $3.2 billion is not an estimate that should be taken lightly by anyone. Extraordinary claims require extraordinary evidence (quoting Carl Sagan). As I read through the Gartner press release, I felt that the claims were unsupported because, besides the fact that a survey was conducted, it does not reveal the methodology used to arrive at the specific claims.

Nitesh Dhanjani The Gartner press release makes extraordinary claims on how much phishing costs businesses: $3.2 billion is not an estimate that should be taken lightly by anyone. Extraordinary claims require extraordinary evidence (quoting Carl Sagan). As I read through the Gartner press release, I felt that the claims were unsupported because, besides the fact that a survey was conducted, it does not reveal the methodology used to arrive at the specific claims. tag:broadcast.oreilly.com,2009://53.34841 2009-01-04T19:57:28Z 2009-01-04T19:57:28Z

I'll be speaking at the International Conference on Cyber Security 2009 in New York (Jan 5 - 9).

Nitesh Dhanjani I'll be speaking at the International Conference on Cyber Security 2009 in New York (Jan 5 - 9). tag:broadcast.oreilly.com,2008://53.34694 2008-12-18T11:29:19Z 2008-12-18T11:29:19Z

In this article, I want to further the discussion on how micro-blogging channels may be leveraged by terrorist organizations to obtain real time surveillance and intelligence of their efforts.

Nitesh Dhanjani In this article, I want to further the discussion on how micro-blogging channels may be leveraged by terrorist organizations to obtain real time surveillance and intelligence of their efforts. tag:broadcast.oreilly.com,2008://53.34084 2008-11-10T11:59:25Z 2008-11-10T11:59:25Z

In this article, I want put forth a case study to demonstrate how capturing feelings on the social web can allow companies to measure the reputation of their brand.

Nitesh Dhanjani In this article, I want put forth a case study to demonstrate how capturing feelings on the social web can allow companies to measure the reputation of their brand. tag:broadcast.oreilly.com,2008://53.34010 2008-11-04T09:07:03Z 2008-11-04T09:07:03Z

Venues such as O'Reilly are not likely to discuss politics or religion often. Yet, as scientists and technologists, when we do have something to say that addresses an important topic where we can offer reasoning and critical thought - let's not be shy about it.

Nitesh Dhanjani Venues such as O'Reilly are not likely to discuss politics or religion often. Yet, as scientists and technologists, when we do have something to say that addresses an important topic where we can offer reasoning and critical thought - let's not be shy about it.