At least two tools have been released in the past week that make stealing Facebook, Twitter, or just about any other Web 2.0 account while you surf from your local coffee shop a drag-and-drop proposition. From a technical standpoint, it has never been difficult to do. With these new tools, however, it becomes trivial. I’im…
Ben April
Threat Researcher
Over the years, many changes have been made to the Domain Name System (DNS). Some of these changes were made to allow internationalized domain names (IDNs). The concept behind these is simple—to allow language-specific scripts or characters that are not part of the usual Latin alphabet to become part of domain names. However, the security…
Last week at the BlackHat and DEFCON security conferences, independent researcher Craig Heffner demonstrated a new attack against home routers that combined DNS rebinding and Cross-Site Request Forgery (CSRF). This attack used JavaScript to trick the user’s browser into establishing a communication channel between the attacker and the admin console of his/her home router. If…
Over the past few years, there has been plenty of talk about the exhaustion of IPv4 addresses and the need to adopt IPv6. One thing that is clear is that we will run out of space within 1–2 years, if not sooner. How IPv4 addresses will run out We know how IPv4 addresses will be…
I recently made up two nonsensical domain names—eixpay.com and eixpay.com—can you spot the difference between them? In a modern Unicode-capable browser, they are likely to appear identical but if you copy and paste each one into a search engine, you will get different results. The domain on the right was created using Cyrillic characters while…