Archive for August, 2008

Cross-site Scripting (XSS)

Posted August 22, 2008 at 10:32 pm in Vulnerabilities | No Comments

Cross-site Scripting (XSS) is the most frequently reported high-risk web vulnerability. In recent years XSS has overtaken buffer overflows as the most common class of publicly reported security vulnerability.

XSS is an attack against the web application layer that is carried out in the client (the web browser): the attacker gets script of their choosing embedded in a page that a trusted site serves to the victim. The payload is usually JavaScript placed in the page’s HTML, though anything the browser will execute from page content (historically VBScript, ActiveX controls, and Adobe Flash objects) can serve. The point is that the injected script runs with the same privileges as the site’s own client-side code. XSS is often used in conjunction with phishing and spear-phishing attacks, since the malicious link points at a site the victim already trusts.

Because the injected code runs in the origin of the vulnerable site, it can read sensitive page content and the rest of the DOM, read session cookies (unless they are marked HttpOnly), and issue requests with the victim’s credentials. The web server itself has not been compromised; what has been altered is the page the victim’s browser renders, which is made to appear as something other than it truly is.

XSS is often overlooked as a security vulnerability. As Web 2.0 and its successors press on, this must change. Reasons why XSS vulnerabilities deserve attention include:

  • Identity theft
  • Accessing sensitive or restricted information
  • Gaining free access to otherwise paid-for content
  • Spying on users’ web browsing habits
  • Altering browser functionality
  • Public defamation of an individual or corporation
  • Web application defacement
  • Denial of Service attacks

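The injection described above, as an added example that is not code from the original post or from any real site: a hypothetical search page that reflects the user’s input into its HTML without encoding, beside the same page with HTML output encoding applied. The parameter name q, the renderer names, the two payloads and the small scanMarkup tokenizer are all assumptions made for this example.

```javascript
// Added example for this post, not code from the original page or from any
// real framework. It models a reflected XSS on a hypothetical search page that
// echoes the user's "q" parameter back into the HTML it serves, and shows the
// same page with output encoding applied. Run with: node xss-example.js

// Vulnerable renderer: the untrusted query is concatenated straight into HTML,
// once inside a double-quoted attribute value and once inside a text node.
function renderSearchVulnerable(query) {
  return `<input name="q" value="${query}">` +
         `<p>Results for: <b>${query}</b></p>`;
}

// HTML-escape the five characters that let input break out of a text node or
// a quoted attribute value. This is the right encoder for those two contexts
// only; data placed inside a <script> block, a URL, or a style attribute needs
// its own context-specific encoder.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened renderer: same template, every interpolation encoded for HTML.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return `<input name="q" value="${q}">` +
         `<p>Results for: <b>${q}</b></p>`;
}

// Reports the element names and on* event-handler attributes a browser would
// parse out of the markup. This is a small tokenizer written for the example
// (it honours quoted attribute values, which is what matters here), not a
// full HTML parser; a real test loads the page in a browser.
function scanMarkup(html) {
  const tagRe = /<([a-zA-Z][\w-]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/g;
  const attrRe = /([^\s=\/>"']+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  const tags = [];
  const handlers = [];
  for (const tag of html.matchAll(tagRe)) {
    const name = tag[1].toLowerCase();
    tags.push(name);
    for (const attr of tag[2].matchAll(attrRe)) {
      const attrName = attr[1].toLowerCase();
      if (attrName.startsWith('on')) handlers.push(`${name}@${attrName}`);
    }
  }
  return { tags, handlers };
}

// Two constructed proof-of-concept payloads (not taken from any real attack):
// the first breaks out of the text node with a new element, the second breaks
// out of the attribute value and adds an event handler. Both try to read
// document.cookie, the session-theft scenario the post describes. A cookie
// set with the HttpOnly flag is not readable this way, although the script
// could still act on the user's behalf from inside the page.
const PAYLOAD_TEXT = '<script>alert(document.cookie)</script>';
const PAYLOAD_ATTR = '" autofocus onfocus="alert(document.cookie)';

// Renders a payload through both versions of the page and returns what a
// browser would see in each.
function compareRenderers(payload) {
  return {
    vulnerable: scanMarkup(renderSearchVulnerable(payload)),
    safe: scanMarkup(renderSearchSafe(payload)),
  };
}

for (const payload of [PAYLOAD_TEXT, PAYLOAD_ATTR]) {
  console.log(JSON.stringify({ payload, ...compareRenderers(payload) }, null, 2));
}
```

Running it with Node prints two reports: the unencoded page serves a script element for the first payload and an onfocus handler on the input for the second, while the encoded page serves only the three elements the template contains in both cases. Encoding is chosen per context: escapeHtml is correct for text nodes and quoted attributes, and input that lands in a script block, a URL, or CSS needs a different encoder. Marking the session cookie HttpOnly keeps document.cookie out of reach of injected script but does not stop that script from acting inside the page as the user.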

Understanding the Kernel

Posted August 22, 2008 at 12:41 pm in Programming | No Comments

The kernel is a program that constitutes the central core of a computer operating system. It has complete control over everything that occurs in the system.

The kernel is the first part of the operating system to load into memory during system startup, and it remains there for the entire duration of the computer session because its services are required continuously.

Kernel code is kept in a protected region of memory (kernel space) that user-mode programs cannot read or write; the CPU’s privilege levels and the memory management unit enforce this boundary. An application bug therefore cannot overwrite the kernel, and the core of the kernel is also never paged out the way less frequently used parts of the operating system or application pages can be.

It provides basic services for all other parts of the operating system, typically including memory management, process management, file management and I/O (input/output) management.

The contents of a kernel vary considerably according to the operating system, but they typically include:

  1. A scheduler, which determines how the various processes share the kernel’s processing time (including in what order).
  2. A supervisor, which grants use of the computer to each process when it is scheduled.
  3. An interrupt handler, which handles all requests from the various hardware devices that compete for the kernel’s services.
  4. A memory manager, which allocates the system’s memory addresses among all users of the kernel’s services.

Reference: The Linux Information Project

Perl Fundamentals

Posted August 21, 2008 at 10:46 pm in Programming | No Comments

Perl started out as the “Swiss army knife” of computer languages and was used primarily by system administrators, but over time it has grown into an immensely robust language used by web developers and programmers worldwide.

The Comprehensive Perl Archive Network (CPAN) is a great resource for already developed Perl modules. More than likely someone has created a module to perform the task you’re trying to accomplish.

Perl programs should start with the following line of code:

#!/usr/bin/perl

When the file is run directly, this line hands the rest of the file to the Perl interpreter at /usr/bin/perl (the path depends on your installation, and the file must be marked executable).

A Perl comment begins with # and runs to the end of the line.

Arithmetic operators in order of precedence: EXPONENT **, unary minus -, then MULTIPLY *, DIVISION / and MODULO % (which share one level), then ADD + and SUBTRACT -. Because ** binds tighter than unary minus, -2**2 evaluates to -4.

Bitwise operators are: AND &, OR |, XOR ^, and NOT ~.

Numeric comparison operators: EQUAL TO ==, NOT EQUAL TO !=, LESS THAN <, GREATER THAN >, LESS THAN OR EQUAL TO <=, and GREATER THAN OR EQUAL TO >=. These compare their operands as numbers; Perl has a separate set (eq, ne, lt, gt, le, ge) for comparing as strings, and using == on strings is a common bug.

Numeric comparison (“spaceship”) operator: <=>. It returns -1 if the left operand is smaller, 0 if the two are equal, and 1 if the right operand is smaller, which makes it the usual comparator passed to sort. Think of it like a number line: the arrows represent numbers increasing and decreasing towards infinity and the equal signs represent the line, < -1 = 0 = 1 >.

Boolean operators: AND &&, OR ||, and NOT !. The word forms and, or, and not do the same thing at a much lower precedence.
