Pirate Bay puts servers in the cloud… Literally speaking…

March 21st, 2012

According to the Pirate Bay blog (http://thepiratebay.se/blog/210), they are considering launching their front-end servers to a low orbit station, giving them a claimed throughput of 100 Mbps. I honestly do not know how they plan to address the power issues, but hey – kudos for the creativity.

Ctrl-Alt-Del even addressed it in their comic today (http://www.cad-comic.com/cad/20120321).

Categories: Humor, News

Facebook 2-factor fail – or – much ado about nothing

March 6th, 2012

I read an article about a Facebook 2-factor authentication fail on The Hacker News earlier today.

In short, Facebook has a feature that can be added to your account which forces you to enter an additional code, sent to your mobile phone, after you have entered a valid username and password. According to the article, though, this 2-factor authentication can be circumvented easily – by design from Facebook.

Yes, the article does have a point. But they have also missed clarifying something. In one of the pictures, it states that “Because you enabled login approvals less than one week ago, you have the option to log in without entering a security code. Doing so will automatically turn off login approvals on your account”.

So, in order to minimize the number of support cases that this feature could cause, a user who enters valid credentials and who opted in to the feature less than a week ago has the option to disable it without entering the security code sent to the mobile. After that time period, the feature works exactly as anticipated and cannot be disabled without first logging on with your credentials and a security code.

These are the only options available. Also, while doing this, Facebook was opened from a “Recognized device”, and immediately when the correct credentials were entered, the following notification appeared:

So, in short: yes, in an ideal world this is not the preferred method, but remember that this is a feature that is not enabled by default and that will work as anticipated after a week. If this feature is enabled in the belief that the credentials have been compromised, the right thing to do would be to change the username and password instead.
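As an added example (not Facebook's code, nor the article's), here is a small Python model of the login-approvals grace period described above: within the first week a valid password alone can log in and switch the feature off, afterwards the security code is mandatory, and a strict variant removes the bypass. Account, login, GRACE_PERIOD and the sample dates are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Added model of the behaviour described above; not Facebook's code. Names
# (Account, login, GRACE_PERIOD) and the exact 7-day window are assumptions.
GRACE_PERIOD = timedelta(days=7)  # the post quotes "less than one week"

@dataclass
class Account:
    login_approvals_enabled: bool
    enabled_at: Optional[datetime]  # when the user opted in, if known

def in_grace_period(account: Account, now: datetime) -> bool:
    """True while login approvals were enabled less than one week ago."""
    if not account.login_approvals_enabled or account.enabled_at is None:
        return False
    return now - account.enabled_at < GRACE_PERIOD

def login(account: Account, now: datetime, password_ok: bool,
          code: Optional[str] = None, expected_code: Optional[str] = None,
          skip_code: bool = False, strict: bool = False) -> str:
    """Outcome of one login attempt: "denied", "logged_in", "code_required"
    or "logged_in_approvals_disabled". strict=True removes the grace bypass."""
    if not password_ok:
        return "denied"
    if not account.login_approvals_enabled:
        return "logged_in"
    if code is not None and code == expected_code:
        return "logged_in"
    if skip_code and not strict and in_grace_period(account, now):
        # The path the article objects to: a valid password alone gets in and
        # silently turns the feature off. A defender would log and alert here.
        account.login_approvals_enabled = False
        return "logged_in_approvals_disabled"
    return "code_required"

def demo() -> List[str]:
    """Walk one account through the cases the post discusses."""
    acct = Account(login_approvals_enabled=True, enabled_at=datetime(2012, 3, 1))
    day5, day9 = datetime(2012, 3, 6), datetime(2012, 3, 10)
    return [
        login(acct, day5, password_ok=False, skip_code=True),           # denied
        login(acct, day9, True, skip_code=True),                        # code_required
        login(acct, day9, True, code="123456", expected_code="123456"), # logged_in
        login(acct, day5, True, skip_code=True, strict=True),           # code_required
        login(acct, day5, True, skip_code=True),  # logged_in_approvals_disabled
        login(acct, day9, True),                  # logged_in, feature is now off
    ]
```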

Censoring Internet

August 9th, 2011

Now and then one can read articles about certain countries wishing to monitor or otherwise restrict access to the Internet, the latest being about India, which wishes to monitor both Facebook and Twitter (http://it.slashdot.org/story/11/08/08/2236225/India-Wants-To-Monitor-Twitter-Facebook).

Well, there are technologies made to circumvent these restrictions, such as Tor (https://www.torproject.org/). One major drawback of Tor, however, is that it can be, and actually has been, blocked with a classic combination of known IP addresses and TCP ports.

The other day I downloaded the latest Security Now! podcast as usual (http://www.grc.com/securitynow.htm) and listened to it. This episode was named “Listeners feedback #123”, and quite a few listeners had brought to Steve’s attention the product Telex (http://www.telex.cc/), which seems to be an interesting concept. However, as Steve mentions, I’m afraid that this will remain only a great concept, impossible to implement due to infrastructural problems.

The main idea with Telex is to bypass the censoring authorities by hiding a request for a blocked site inside a regular HTTPS request to an unblocked site. While most routers on the Internet will ignore this flag, some routers would have a Telex client installed; these would recognize the request for the blocked site and immediately reroute the connection to it.

This really seems to be an interesting concept, and it would be fascinating to see some calculations on what percentage of routers would need to have a Telex client installed for this to work at a high rate.

Categories: Security

MySQL cheat sheet

June 14th, 2011

I stumbled upon a blog post some time ago that I thought might be useful. Everyone knows that SQL Server can be vulnerable to certain SQL injection attacks, but after the attacks on the MySQL web page, it became obvious that even MySQL is vulnerable to SQL injection attacks.

The blog post I mentioned is a cheat sheet for SQL injection testing and can be found here: http://pentestmonkey.net/blog/mysql-sql-injection-cheat-sheet/.

If you want to automate the SQL injection process, there is also a great tool called Pangolin that you can read more about here: http://www.darknet.org.uk/2009/05/pangolin-automatic-sql-injection-tool/.

Categories: Hacking

Welcome

June 6th, 2011

Welcome to www.ictsecurity.se. On this page I will try to post things pertaining to information security.

Categories: News