You’d think that people writing botnets would be well versed in systems security, but from a quick look around I see that most botnets have some serious problems. The biggest issue with any botnet is command and control. How can the owner communicate with their bot nodes without having people steal their botnet by sniffing… Read More Why are botnets so bad at authentication?
SQL injection vulnerabilities represent a majority percentage of security holes that end up resulting in a website being hacked. One of the most popular automated SQL injection tools in existence is Havij, which is especially popular because of its simplicity. Using it is pretty much a case of pointing it at a vulnerable URL and… Read More Blocking automated SQL injection
Major forums such as vBulletin and Invision Power Board have recently altered a lot of their codebase to require a security token to prevent their previous vulnerability to XSRF (Cross Site Request Forgery). Unfortunately, phpBB seems to be lagging behind a little and has not yet added this feature. To test, I set up phpBB… Read More XSRF in phpBB, and probably a lot of other CMS software.