Archives for Security

Uni-IDM (IDSpace) – a new anti-phishing technology tool used for Identity Management

Researchers from London’s Royal Holloway University have designed a tool called Uni-IDM (IDSpace) to fight phishing. This identity management tool has been introduced to improve security and usability for user authentication. At this point in time, password-based authentication is used all over the world. As per the university research […]

Zmap – open-source network scanner could scan the globe in 45 minutes making the internet look tiny

Security researchers from the University of Michigan have come up with an amazing tool to scan the internet. As per the reports, the scanner can scan the entire web in 45 minutes, which sounds almost like a miracle. Security testers have often used nmap for their scans, which took a long time to scan their targets, but this research […]

High Critical Remote Command Execution vulnerability – Apache Struts 2.x OGNL Vulnerability CVE-2013-2251 explained

The remote code execution vulnerability in Apache Struts 2.x, which was discovered on July 17th, appears to be seen more often, as reported by SANS last week. A bulletin detailing exploit attempts targeting this vulnerability has been seen lately by SANS. The CVE identified for this issue is CVE-2013-2251. It’s a high critical remote code execution which […]

New Fake DHL Notification phishing email with ‘Shipment not delivered’ – goes around on Gmail

The fake DHL phishing email has been around for a while. A new set of emails has been going around since last week. Arun from Mobilesecurityresearch received an email from DHL which almost […]

“SSL, gone in 30 seconds – A BREACH beyond CRIME,” presented by Angelo Prado and Neal Harris

A new attack that plucks secrets from HTTPS-protected pages was demonstrated at Black Hat last Thursday. The well-known “HTTPS”, which protects millions of sites across the world, is prone to attack. The exploit, called BREACH, bypasses the SSL crypto scheme protecting millions of sites. It decodes encrypted data that online banks and e-commerce sites send in […]

6 million email addresses and phone numbers were exposed due to weak Facebook Security.

Alarming news broke from Facebook security last Friday, the 21st, at 7.50pm EST. It was not a hack that exposed this information; it was a bug. It’s scary that Facebook doesn’t even test their code when going to production. This clearly shows the ignorance of Facebook and their security team putting users […]

Microsoft disrupts Shadowserver’s ability to inform network owners about Citadel botnet – Abuse.ch

Shadowserver, a non-profit organization like abuse.ch, informs the associated network owners about the infections reported by my sinkhole, in addition to infections reported by their own sinkholes and sinkholes run by other operators. Every Computer Emergency Response Team (CERT), Internet Service Provider (ISP) and network owner can get a feed from Shadowserver for their […]

PHPBB forum spam bots can create username, bypass captcha and post their topic

phpBB is a free online forum, and thousands love using it in different ways for the exchange of ideas, discussions or building a business. However, spammers are equally busy running auto bots which can create users, fill in captchas and post their own spam topics. In recent research at mobilesecurityresearch, we […]

OWASP Top 10 – 2013 published

It’s the comeback of the OWASP Top 10 – 2013. Nothing much has changed in the security threat landscape when it comes to applications. Below is the screenshot from the OWASP PDF and a link to the main PDF. The published OWASP Top 10 list for 2013: 1) Injection 2) Broken Authentication and Session Management 3) Cross-Site Scripting (XSS) 4) […]

Hackers get together for HackMiami 2013 Conference in Miami

Hackmiami had its first ever hackers conference in Miami, Florida. Hackmiami, started by a small group of passionate folks, has grown since 2008 into a full-fledged hacking community in Florida with the intention of educating the information security community in staying ahead of the bad guys. The Hackmiami 2013 conference had a variety […]