A good tutorial of basic SQL injection (without a tool): http://www.kalitutorials.net/2014/03/sql-injection-how-it-works.html Notice the bottom entryuser-id field: ‘ OR 1= 1; /* and in password field: */– As it states in the image (from the kalitutorials website) the second statement gives you access to data of all accounts. Why is this? because a 1=1 statement … Read more
http://www.darkreading.com/operations/educating-the-cyberwarriors-of-the-future/a/d-id/1319590 Jeff Shilling opines that we need more experienced people in the Cybersecurity field. As usual the issue is senior-level execs do not fully understand all the ramification differences with 1. a person with 5+ years experience in IT plus Cyber Security Knowledge (no university degree)some certifications or 2. a person with 2 … Read more
It is worthwhile to discuss Fake apps: http://www.hotforsecurity.com/blog/dont-be-fooled-bitdefender-anti-prank-tool-does-not-exist-11664.html There are “fake” apps which claim to be anti-virus or other legitimate apps (like games) but in reality are stealing your information on your phones and computers. Example: Guardian story Here is a Criminal developer boasting(on a discussion board) about creating the fake Flappybird app which steals … Read more
The Google code website link: https://code.google.com/p/zaproxy/ Here is an interesting bit of info (from the link above): ZAP came second in the Top Security Tools of 2014 as voted by ToolsWatch.org readers Here is a screenshot with my test on my own website – www.fixvirus.com I clicked on the response tab after Owasp-Zap tries to … Read more
We know Insider trading is bad – even though we all want the money, the info to know that there will be good news before the news becomes public is sometimes draws a certain person like a moth to a flame. image from slide: http://www.slideshare.net/Identacor/8-nastiest-data-breaches-in-2015 7. Morgan Stanley insider theft: Morgan Stanley fired an employee … Read more
