Category Archives: Web Security

Execute this! Looking at code-loading techniques in Android

Recently, several research efforts related to the security of the Android mobile platform showed how often Android applications are affected by severe security vulnerabilities. During the last summer, we decided to investigate how benign and malicious Android apps use a …

Posted in Web Security

deDacota: Toward Preventing Server-Side XSS via Automatic Code and Data Separation

[cross-posted from http://adamdoupe.com/blog/2013/09/05/dedacota-toward-preventing-server-side-xss-via-automatic-code-and-data-separation/] This post is an overview of the paper deDacota: Toward Preventing Server-Side XSS via Automatic Code and Data Separation, which was written by yours truly as a collaboration between the UC Santa Barbara Seclab and Microsoft Research. …

Posted in Web Security

What The Fork: how to immediately block *any* Android device

[cross-posted from http://reyammer.blogspot.com/2013/06/what-fork-how-to-immediately-block-any.html] What if an unprivileged Android app could lock, instantaneously, any Android device out there? What if such an app exists and is also really simple to implement? A few months ago, Antonio and I stumbled upon a paper titled Would You Mind Forking …

Posted in Web Security

Could the AP Twitter hack have been prevented?

Twitter hacks can cause a lot of damage. The news this week is that the Associated Press Twitter account was compromised and sent a tweet announcing that the White House had been hit by a terrorist attack, and that …

Posted in Web Security

Clickonomics: Determining the Effect of Anti-Piracy Measures for One-Click Hosting

The Digital Millennium Copyright Act (DMCA) already allows copyright owners to have infringing files taken down from hosting services and search engines. The Stop Online Piracy Act (SOPA) law proposal would have introduced a similar take-down scheme directed against entire …

Posted in Web Security

Paying for Piracy? An Analysis of One-Click Hosters’ Controversial Reward Schemes

Many Internet users have probably heard of Megaupload, not least because the site was shut down by the FBI in early 2012. Megaupload was one of the first and largest one-click hosters (or “cyberlockers”). While Megaupload may be offline at …

Posted in Web Security

A Security Analysis of Two Satphone Standards

There is a rich body of work related to the security aspects of cellular mobile phones, in particular with respect to the GSM and UMTS systems. As with GSM, there exist two standards for satellite telephony, called GMR-1 and GMR-2. These two standards …

Posted in Web Security

Shellzer: a tool for the dynamic analysis of malicious shellcode

Last September, I presented Shellzer at the RAID 2011 conference. Shellzer is a tool that I developed back in August 2010, which aims to dynamically analyze malicious shellcode. The main goal was to analyze the shellcode samples that have been collected by running …

Posted in Binary Analysis, Web Security

Insights into User Behavior in Dealing with Internet Attacks

We have finally finished analyzing the data from the user experiments we conducted earlier this year, and collected the results in the paper “Insights into User Behavior in Dealing with Internet Attacks”, which is going to appear at NDSS, …

Posted in Web Security

Report from Amsterdam (OWASP & DIMVA)

Last week I was in Amsterdam for an intensive three days of conferencing, talks and social events. On the first evening, I was kindly invited to join the OWASP Netherlands Chapter Meeting to present the work we recently did together with …

Posted in Web Security