Absolute Technology 

Tailored recruitment solutions for IT companies and projects across Asia

    Top 5 Web Application Vulnerabilities.

    June 15, 2014

    A security researcher from Israel has discovered a very basic, almost “schoolboy” level bug in Gmail that could potentially have compromised millions of email addresses. He notified Google, who rectified the problem and rewarded the honest fellow with a whopping $500.

    Here is the news article that details these events:

    http://rt.com/news/165552-gmail-bug-users-address/

    For the technically minded, the embedded YouTube video details how Oren Hafif did it.

    This news has been circulating around the web, causing facepalm reactions, for a few days now. We are really not sure which is the bigger PR embarrassment for Google: the simplicity of the bug or the $500 amount.

    As a brief background detour, there are five common types of web application vulnerability:

    • Remote code execution

    • SQL injection

    • Format string vulnerabilities

    • Cross Site Scripting (XSS)

    • Username enumeration

    The particular Gmail vulnerability described above can be loosely classed as “username enumeration”: the application's responses reveal whether a given address is a registered account.
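    As an added illustration of the username-enumeration class (example code written for this post, not the Gmail bug itself or any Google code), here is a constructed "forgot password" handler whose reply reveals whether an address is registered, beside a hardened version that answers uniformly; the account list, addresses and helper names are made up for the example.

```python
import secrets

# Constructed sample account store for the example (not real data).
ACCOUNTS = {"alice@example.com", "bob@example.com"}


def _send_reset_link(email: str, token: str = "") -> None:
    # Placeholder for mail delivery; nothing is actually sent here.
    pass


def leaky_reset(email: str) -> str:
    """Vulnerable 'forgot password' handler.

    The reply differs for registered and unregistered addresses, so the
    endpoint acts as an oracle that confirms which addresses are accounts
    (username enumeration)."""
    if email not in ACCOUNTS:
        return "No account found for that address."
    _send_reset_link(email, secrets.token_urlsafe(32))
    return "A reset link has been sent."


def safe_reset(email: str) -> str:
    """Hardened handler.

    Same message and the same amount of work on both paths, so neither the
    text nor (as far as practical) the response time reveals whether the
    address exists. Rate limiting per client would be added on top."""
    token = secrets.token_urlsafe(32)  # generated whether or not the user exists
    if email in ACCOUNTS:
        _send_reset_link(email, token)
    return "If that address is registered, a reset link has been sent."


def reveals_existence(handler) -> bool:
    """Defender's self-check: does the handler answer differently for a
    known registered address and an address that cannot exist?"""
    return handler("alice@example.com") != handler("nobody@example.invalid")


if __name__ == "__main__":
    print("leaky handler reveals existence:", reveals_existence(leaky_reset))
    print("safe handler reveals existence:", reveals_existence(safe_reset))
```

    The same self-check applies to login and sign-up forms, which are the other usual places where "user not found" and "wrong password" are reported separately.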

    All five types of attack have been around since the very inception of the Web and, despite decades of awareness, have not diminished but have in fact grown in abundance.

    Here is a good summary of these five categories of web application vulnerability, courtesy of Symantec. It includes code snippets, examples and further links: http://www.symantec.com/connect/articles/five-common-web-application-vulnerabilities

    Another useful resource is OWASP, a worldwide not-for-profit charitable organization focused on improving the security of software: https://www.owasp.org/index.php/Main_Page

    In particular, OWASP provide a very good overview of Cross Site Scripting and the measures to take to avoid it (we found that Symantec's coverage of XSS in the link above was too brief to do it proper justice): https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

    As an example of a high-profile XSS vulnerability, here is an article about Robert Kugler, a 17-year-old from Germany, who found an XSS flaw in PayPal in 2013: http://threatpost.com/paypal-site-vulnerable-to-xss-attack

    While PayPal had followed Mozilla and Facebook in setting up a “bug bounty” program that encourages responsible bug reporting, they didn’t reward this particular bug reporter because he was under 18.

    (Image taken from XKCD: http://xkcd.com/327/)
