Security News #0x49
- Raphael Mudge has a nice story of how the Armitage "Hail Mary" feature came to be.
- Adam Gowdiak writes that Java remains vulnerable to a known ten-year old attack.
- The folks at the Sucuri Blog provide some technical detail on some malware that they saw, embedded in a JPEG image.
- Aditya Sood describes different ways information about the internal structure of a network is revealed in HTTP traffic.
- I read a nice piece on the use of browser fingerprinting, essentially a way to try to track a visitor to a web page without (say) setting a cookie that would let the user discover that they are being tracked.
- The New York Times has a nice investigative piece on the marketplace for vulnerabilities. Definitely a must-read for anyone who wants to work in the security industry, as the sale of exploits has become a huge issue.
- Apparently the Amazon 1 button browser add-on is sending all sorts of information to all sorts of folks. By using it, you report, for example, every web page you visit back to Amazon. Even worse, it seems that the add-on can be hacked, so the information ends up with someone else. Ugh.