Last Friday, Google released a new security tool known as Skipfish, written by Michal Zalewski, a Polish security researcher and author of various tools and books, with contributions and feedback from Google’s information security engineering team. Skipfish aims to help web application developers secure and reveal various possible security flaws of their applications. Since web applications become more and more complex, developers need similar tools to check and validate the security of their code. Michal Zalewski wrote in a blog article, “The safety of the Internet is of paramount importance to Google, and helping web developers build secure, reliable web applications is an important part of the equation.”
Posts Tagged ‘Google’
Skipfish: A new web application security tool from Google
Monday, March 22nd, 2010Attack through new IE exploit
Tuesday, January 26th, 2010Internet Explorer is again exploited by hackers. The attack, named “Aurora”, against Google and some other American companies was based on this new exploit of the Internet Explorer, announced McAfee. The exploit has already been reproduced by the Metasploit-Team, which has added the exploit to its framework.
Therefore the danger of this exploit has grown because also Script-Kiddies are able to use this exploit. The BSI recommended using another browser to not get victim of this exploit. Microsoft recommends to set the security options to “high” or to disable JavaScript on which the exploit is based.
A video explaining the attack “Aurora” can be found here.
A new effective attack against Google’s reCAPTCHA
Thursday, December 17th, 2009A new effective attack against Google’s CAPTCHA mechanisms was invented by a security researcher lately. The whole attack procedure is presented in a paper that was released on Saturday. The attack is based on OCR (Optical Character Recognition) techinques that used to evade Googles’ reCAPTCHA (CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart, for more information click here). reCAPTCHA is a recent security measure that Google uses so as to stop malicious scripts of doing important tasks without has been done first a specific authentication process. This process requires the sense of sight, that a computer script can’t have, so that optical puzzles can be solved first, in order to continue with the task execution.
