Top 10 Web hacking techniques of 2010

Discussion in 'other security issues & news' started by MrBrian, Feb 26, 2011.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From http://www.networkworld.com/news/2011/012411-top-web-hacking-techniques.html?page=1:
    Full lists (including top 10 and many more) for each of past 5 years:
    hxxp://jeremiahgrossman.blogspot.com/2011/01/top-ten-web-hacking-techniques-of-2010.html
    hxxp://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html
    hxxp://jeremiahgrossman.blogspot.com/2009/02/top-ten-web-hacking-techniques-of-2008.html
    hxxp://jeremiahgrossman.blogspot.com/2008/01/top-ten-web-hacks-of-2007-official.html
    hxxp://jeremiahgrossman.blogspot.com/2006/12/top-10-web-hacks-of-2006.html
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,913
    @ MrBrian

    Thanks for posting :thumb:

    Don't have it so :thumb:

    Tested it before and was :thumb:

    Disabled so :thumb:

    Always close FF before logging in anywhere critical and launch a new instance to go. Also immediately close FF straight afterwards & relaunch to move on. Plus FF is set to delete everything on close so :thumb:

    NoScript should take care of CJ at least so "maybe" :thumb:

    Don't use it so :thumb:

    Something would have to get in first to do that so :thumb:

    No Java so :thumb:

    Not sure about this ? Tried to test from the link, but couldn't see it ?

    No Java so :thumb:

    Anyway, i "believe" i'm doing pretty good, unless someone knows better ;)

    EDIT - Tidy up & a bit more info ;)
     
    Last edited: Feb 26, 2011
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
    Interesting article, thanks.
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    & CloneRanger: you're welcome :).

    CloneRanger's analysis is an example of why I posted this in the first place: know what's out there so that one can try to protect one's self.
     
  5. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Thanks MrBrian for informative read :thumb:
     
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,051
    Location:
    Outer space
    CloneRanger, you can make your Firefox immune to the CSS History Hack by going to about:config and setting layout.css.visited_links_enabled to false. This will disable giving visited links a different color and so the attacker cannot determine which links you've visited anymore.
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,913
    @ BoerenkoolMetWorst

    Thanks for replying with the Very useful tip :thumb: I checked and already had it set like that

    css.gif

    So i must have done it sometime earlier, but forgot :( Better to be reminded though, just in case :) and others can now also follow your good advice too :thumb:
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.