Top 10 Web hacking techniques of 2010

Discussion in 'other security issues & news' started by MrBrian, Feb 26, 2011.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    From http://www.networkworld.com/news/2011/012411-top-web-hacking-techniques.html?page=1:
    Full lists (including top 10 and many more) for each of past 5 years:
    hxxp://jeremiahgrossman.blogspot.com/2011/01/top-ten-web-hacking-techniques-of-2010.html
    hxxp://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html
    hxxp://jeremiahgrossman.blogspot.com/2009/02/top-ten-web-hacking-techniques-of-2008.html
    hxxp://jeremiahgrossman.blogspot.com/2008/01/top-ten-web-hacks-of-2007-official.html
    hxxp://jeremiahgrossman.blogspot.com/2006/12/top-10-web-hacks-of-2006.html
     
  2. CloneRanger

    CloneRanger Registered Member

    @ MrBrian

    Thanks for posting :thumb:

    Don't have it so :thumb:

    Tested it before and was :thumb:

    Disabled so :thumb:

    Always close FF before logging in anywhere critical and launch a new instance to go. Also immediately close FF straight afterwards & relaunch to move on. Plus FF is set to delete everything on close so :thumb:

    NoScript should take care of CJ at least so "maybe" :thumb:

    Don't use it so :thumb:

    Something would have to get in first to do that so :thumb:

    No Java so :thumb:

    Not sure about this? Tried to test from the link, but couldn't see it?

    No Java so :thumb:

    Anyway, I "believe" I'm doing pretty good, unless someone knows better ;)

    EDIT - Tidy up & a bit more info ;)
     
    Last edited: Feb 26, 2011
  3. J_L

    J_L Registered Member

    Interesting article, thanks.
     
  4. MrBrian

    MrBrian Registered Member

    & CloneRanger: you're welcome :).

    CloneRanger's analysis is an example of why I posted this in the first place: know what's out there so that one can try to protect one's self.
     
  5. Boyfriend

    Boyfriend Registered Member

    Thanks MrBrian for the informative read :thumb:
     
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    CloneRanger, you can make your Firefox immune to the CSS History Hack by going to about:config and setting layout.css.visited_links_enabled to false. This will disable giving visited links a different color and so the attacker cannot determine which links you've visited anymore.
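
One way to check the setting from the post above across several Firefox profiles, as an added example that is not part of the original thread. It assumes the standard `user_pref("name", value);` line syntax of a profile's prefs.js and user.js, that user.js takes precedence over prefs.js, and that an unset preference leaves visited-link styling on; the function names and the sample profile text are constructed for illustration.

```python
import re

PREF = "layout.css.visited_links_enabled"
# One line of prefs.js / user.js syntax: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for user_pref() lines; a later line overrides an earlier one."""
    prefs = {}
    for line in text.splitlines():
        if line.lstrip().startswith("//"):      # skip comment lines
            continue
        m = PREF_LINE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs


def visited_styling_enabled(prefs_js="", user_js=""):
    """Effective value of PREF. Assumption: user.js wins, absent means enabled."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    return merged.get(PREF, True)


def audit(profiles):
    """profiles: {label: (prefs_js_text, user_js_text)} -> labels not hardened."""
    return sorted(label for label, (p, u) in profiles.items()
                  if visited_styling_enabled(p, u) is not False)


# Constructed sample file contents (not taken from a real profile).
HARDENED = 'user_pref("browser.startup.page", 3);\nuser_pref("' + PREF + '", false);\n'
DEFAULT = 'user_pref("browser.startup.page", 3);\n'
USER_JS_OFF = '// constructed user.js\nuser_pref("' + PREF + '", false);\n'
USER_JS_ON = 'user_pref("' + PREF + '", true);\n'

if __name__ == "__main__":
    print(audit({"hardened": (HARDENED, ""), "default": (DEFAULT, ""),
                 "via-user-js": (DEFAULT, USER_JS_OFF),
                 "re-enabled": (HARDENED, USER_JS_ON)}))
```
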
     
  7. CloneRanger

    CloneRanger Registered Member

    @ BoerenkoolMetWorst

    Thanks for replying with the very useful tip :thumb: I checked and already had it set like that.

    css.gif

    So I must have done it sometime earlier, but forgot :( Better to be reminded though, just in case :) and others can now also follow your good advice too :thumb:
     