Comments for Favorite Rss! http://www.favoriterss.com Read your favorite RSS feeds ! Fri, 12 Mar 2010 03:54:38 -0700 http://wordpress.org/?v=2.9.2 hourly 1 Comment on Writing Security Tools and Exploits by Marco De Vivo http://www.favoriterss.com/2010/03/12/writing-security-tools-and-exploits/comment-page-1/#comment-10420 Marco De Vivo Fri, 12 Mar 2010 03:54:38 +0000 http://www.favoriterss.com/2010/03/12/writing-security-tools-and-exploits/#comment-10420 Would like just to tell how good this book is (and it is indeed), but I am very disappointed by the fact that no CD is actually included and the companion Web site doesn't seem to exist either. !! <br /> <br />The Editorial review claims: <br /> <br />"The book is accompanied with a companion Web site containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD also contains a copy of the author-developed Hacker Code Library v1.0." <br /> <br />Well, sorrily, that's NOT true. <br /> <br />Perhaps this confusion is due to changes resulting from the merge of Syngress with ORA, but still not fair with buyers. <br /> <br />Otherwise, if you, like me, are a researcher (or just interested) in the "secure code" area, then buy the book in spite of all. <br /> <br />By far it is the very best book written about these issues. Best in the sense of most useful. Well designed organized, with in deep study of vulnerabilities and associated exploit codes. Shellcode is explained in a rich and fresh way and the Why, How and When of shellcode are explained under an integrated framework. <br /> <br />NASL and MSF are explained and used in detailed and useful examples, and IMHO, this book presents the most easy, clear and condensed explanation about the Race Conditions, Format Strings, and Buffer Overflows problems I ever read yet. <br /> <br />Warning: Not an entry level book. You need to be familiar with several software and hardware architecture concepts to obtain full benefits from it. Rating: 5 / 5 Would like just to tell how good this book is (and it is indeed), but I am very disappointed by the fact that no CD is actually included and the companion Web site doesn’t seem to exist either. !!

The Editorial review claims:

“The book is accompanied with a companion Web site containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD also contains a copy of the author-developed Hacker Code Library v1.0.”

Well, sorrily, that’s NOT true.

Perhaps this confusion is due to changes resulting from the merge of Syngress with ORA, but still not fair with buyers.

Otherwise, if you, like me, are a researcher (or just interested) in the “secure code” area, then buy the book in spite of all.

By far it is the very best book written about these issues. Best in the sense of most useful. Well designed organized, with in deep study of vulnerabilities and associated exploit codes. Shellcode is explained in a rich and fresh way and the Why, How and When of shellcode are explained under an integrated framework.

NASL and MSF are explained and used in detailed and useful examples, and IMHO, this book presents the most easy, clear and condensed explanation about the Race Conditions, Format Strings, and Buffer Overflows problems I ever read yet.

Warning: Not an entry level book. You need to be familiar with several software and hardware architecture concepts to obtain full benefits from it.
Rating: 5 / 5

]]> Comment on Writing Security Tools and Exploits by Daniel McKinnon http://www.favoriterss.com/2010/03/12/writing-security-tools-and-exploits/comment-page-1/#comment-10419 Daniel McKinnon Fri, 12 Mar 2010 02:51:38 +0000 http://www.favoriterss.com/2010/03/12/writing-security-tools-and-exploits/#comment-10419 If you are an IT professional that needs to learn more about security exploitation and how people can get in and abuse your system, this is a great book for this purpose. Very technical book, not for beginners!! <br /> <br />If you work in IT and want to learn about how to keep the hackers out, this text is a worthwhile read for you <br /> <br />**** RECOMMENDED Rating: 4 / 5 If you are an IT professional that needs to learn more about security exploitation and how people can get in and abuse your system, this is a great book for this purpose. Very technical book, not for beginners!!

If you work in IT and want to learn about how to keep the hackers out, this text is a worthwhile read for you

**** RECOMMENDED
Rating: 4 / 5

]]> Comment on Article Marketing – 5 amazing secrets to grow your article marketing by Eleccysmith http://www.favoriterss.com/2010/03/11/article-marketing-5-amazing-secrets-to-grow-your-article-marketing/comment-page-1/#comment-10413 Eleccysmith Fri, 12 Mar 2010 01:00:52 +0000 http://www.favoriterss.com/2010/03/11/article-marketing-5-amazing-secrets-to-grow-your-article-marketing/#comment-10413 Nice Video. Check out TubeViews (dotnet) If you need your video exposed, It has really helped me a bunch. Be blessed! Have you heard of this program that actually send thousands of text messages advertising your business for you, i think the url is w w w . a u t o t e x t s e n d e r . c o m Nice Video. Check out TubeViews (dotnet) If you need your video exposed, It has really helped me a bunch. Be blessed!

Have you heard of this program that actually send thousands of text messages advertising your business for you, i think the url is w w w . a u t o t e x t s e n d e r . c o m

]]> Comment on Article Marketing – 5 amazing secrets to grow your article marketing by Marileexc http://www.favoriterss.com/2010/03/11/article-marketing-5-amazing-secrets-to-grow-your-article-marketing/comment-page-1/#comment-10412 Marileexc Fri, 12 Mar 2010 00:34:23 +0000 http://www.favoriterss.com/2010/03/11/article-marketing-5-amazing-secrets-to-grow-your-article-marketing/#comment-10412 I really liked your channel and this video. If you need any help getting this video exposed I use a site called tubeviews.(net) It has really helped like 20 of my main videos get to the top in position. Its nice. Nice. I really liked your channel and this video. If you need any help getting this video exposed I use a site called tubeviews.(net) It has really helped like 20 of my main videos get to the top in position. Its nice.

Nice.

]]> Comment on Centenarian Chicago alderman marvels about the computer technology by sakares http://www.favoriterss.com/2010/03/11/centenarian-chicago-alderman-marvels-about-the-computer-technology/comment-page-1/#comment-10410 sakares Fri, 12 Mar 2010 00:30:07 +0000 http://www.favoriterss.com/2010/03/11/centenarian-chicago-alderman-marvels-about-the-computer-technology/#comment-10410 cool, he is completly coherent cool, he is completly coherent

]]> Comment on Article Marketing – 5 amazing secrets to grow your article marketing by typemiderd http://www.favoriterss.com/2010/03/11/article-marketing-5-amazing-secrets-to-grow-your-article-marketing/comment-page-1/#comment-10411 typemiderd Thu, 11 Mar 2010 23:59:36 +0000 http://www.favoriterss.com/2010/03/11/article-marketing-5-amazing-secrets-to-grow-your-article-marketing/#comment-10411 Nice Video. I really liked your video youtube can be a great asset for you. If you need any help getting your video exposed check out this site called tubeviews [dot net] It has really done wonders for me, I have build 3 channels up with videos at top in position and this is my forth channel i'm going to working on. This rox... Thank you very much. Nice Video. I really liked your video youtube can be a great asset for you. If you need any help getting your video exposed check out this site called tubeviews [dot net] It has really done wonders for me, I have build 3 channels up with videos at top in position and this is my forth channel i’m going to working on.

This rox… Thank you very much.

]]> Comment on Centenarian Chicago alderman marvels about the computer technology by vertxxgg http://www.favoriterss.com/2010/03/11/centenarian-chicago-alderman-marvels-about-the-computer-technology/comment-page-1/#comment-10409 vertxxgg Thu, 11 Mar 2010 23:41:15 +0000 http://www.favoriterss.com/2010/03/11/centenarian-chicago-alderman-marvels-about-the-computer-technology/#comment-10409 tecno tecno but notthing comparable to old shellacs running at 78 and exponential beauty horns of old grammophone...trains foaming n old automobils¡ tecno tecno but notthing comparable to old shellacs running at 78 and exponential beauty horns of old grammophone…trains foaming n old automobils¡

]]> Comment on Ajax Security by Robert Ragan http://www.favoriterss.com/2010/03/11/ajax-security/comment-page-1/#comment-10365 Robert Ragan Thu, 11 Mar 2010 13:42:35 +0000 http://www.favoriterss.com/2010/03/11/ajax-security/#comment-10365 Are you a web developer? Do you believe you can ensure that your client-side code will function as expected? Well, you are wrong. In Ajax Security you will find out why. <br /> <br />Ajax changes the game in that it moves business logic to the client. In doing so it increases the attack surface of the application. The authors get curious with some real world Ajax frameworks such as Prototype, Dojo, and Microsoft Ajax. They demonstrate with these frameworks how developers might be unknowingly building vulnerabilities into their applications. If you're home brewing Ajax, the authors cover important security considerations you'll need to know so that you don't make the same mistakes the industry leaders have made. <br /> <br />I learned a lot about JavaScript from reading this book. I learned even more about how JavaScript can be used maliciously. The authors describe techniques for function clobbering, JSON hijacking, storage attacks, and presentation layer attacks. One of my favorite parts of the book, not to mention one of the scariest, is an explanation of how to hide malicious JavaScript from signature based anti-virus software. <br /> <br />The authors explain why the Same-Origin Policy is broken and how it can be subverted. Also covered are security considerations for offline applications. An in-depth analysis of Ajax worms is covered. If you are curious about how Ajax is changing web security you should read this book. If your are a web developer or a security professional you should read this book, even if you aren't using Ajax. If you don't believe cross-site scripting is a "big deal", I dare you to read this book and maintain the same opinion. <br /> Rating: 5 / 5 Are you a web developer? Do you believe you can ensure that your client-side code will function as expected? Well, you are wrong. In Ajax Security you will find out why.

Ajax changes the game in that it moves business logic to the client. In doing so it increases the attack surface of the application. The authors get curious with some real world Ajax frameworks such as Prototype, Dojo, and Microsoft Ajax. They demonstrate with these frameworks how developers might be unknowingly building vulnerabilities into their applications. If you’re home brewing Ajax, the authors cover important security considerations you’ll need to know so that you don’t make the same mistakes the industry leaders have made.

I learned a lot about JavaScript from reading this book. I learned even more about how JavaScript can be used maliciously. The authors describe techniques for function clobbering, JSON hijacking, storage attacks, and presentation layer attacks. One of my favorite parts of the book, not to mention one of the scariest, is an explanation of how to hide malicious JavaScript from signature based anti-virus software.

The authors explain why the Same-Origin Policy is broken and how it can be subverted. Also covered are security considerations for offline applications. An in-depth analysis of Ajax worms is covered. If you are curious about how Ajax is changing web security you should read this book. If your are a web developer or a security professional you should read this book, even if you aren’t using Ajax. If you don’t believe cross-site scripting is a “big deal”, I dare you to read this book and maintain the same opinion.

Rating: 5 / 5

]]> Comment on Ajax Security by Francois Piat http://www.favoriterss.com/2010/03/11/ajax-security/comment-page-1/#comment-10364 Francois Piat Thu, 11 Mar 2010 11:22:25 +0000 http://www.favoriterss.com/2010/03/11/ajax-security/#comment-10364 A lot of examples shows how absolutely everything could be attacked and corrupted in the chain of components used for building ajax applications, from css (yes even css) to html, from javascript to http, from browser to server ... Sometimes there's too much lines about evident things and sometimes things seems more proof of concept than real possible attacks. But these guys know what they are talking about. This is an excellent book that every serious ajax developer must have read, specially if they plan to make mashups or let their users bring and share things using their applications. Rating: 4 / 5 A lot of examples shows how absolutely everything could be attacked and corrupted in the chain of components used for building ajax applications, from css (yes even css) to html, from javascript to http, from browser to server … Sometimes there’s too much lines about evident things and sometimes things seems more proof of concept than real possible attacks. But these guys know what they are talking about. This is an excellent book that every serious ajax developer must have read, specially if they plan to make mashups or let their users bring and share things using their applications.
Rating: 4 / 5

]]> Comment on Ajax Security by Shlomo Yona http://www.favoriterss.com/2010/03/11/ajax-security/comment-page-1/#comment-10363 Shlomo Yona Thu, 11 Mar 2010 10:03:46 +0000 http://www.favoriterss.com/2010/03/11/ajax-security/#comment-10363 The book is nicely organized and gives a very clear introduction to concepts of web application security, including listing major vulnerabilities and attack vectors and then after establishing these basics it dives in with examples, details and tips to explain Ajax, its usage, its mis-usage and the security implications. The attack vectors are not only mentioned or explained in theory, they are given an example story as context, and for understanding attackers' motivation, and then carefully detail the technical aspects to form a clear picture of the problem which then prepares the reader to understand and accept the suggested "dos and don'ts". <br /> <br />The book gives good attention to a bigger picture: JavaScript's capabilities and limitations, the impact of the available variety of browsers, development frameworks, social aspects and more. Even QA of JavaScript and Ajax application is mentioned, though, I think that such a topic cannot be sufficiently covered in a single overview chapter (in this book the authors tried to give an overview while presenting a few tools and discussing their advantages and disadvantages), and is well deserved to be covered in detail and with a lot of examples in a separate title. <br /> <br />I especially appreciated the good job that the authors did, in my opinion, to convey, what I think is the most important security related detail about JavaScript and Ajax: Never ever trust anything that is being executed, stored and calculated on the client side! <br /> <br />I found the book to be more than just a source of information, something that will bring me up to speed with the field's jargon. I found it to be inspiring. I cannot wait for a similar book on browser plug-in security. I hope that the authors have something like that cooking already. <br /> <br />The book, as you might understand already, is highly recommended. Rating: 5 / 5 The book is nicely organized and gives a very clear introduction to concepts of web application security, including listing major vulnerabilities and attack vectors and then after establishing these basics it dives in with examples, details and tips to explain Ajax, its usage, its mis-usage and the security implications. The attack vectors are not only mentioned or explained in theory, they are given an example story as context, and for understanding attackers’ motivation, and then carefully detail the technical aspects to form a clear picture of the problem which then prepares the reader to understand and accept the suggested “dos and don’ts”.

The book gives good attention to a bigger picture: JavaScript’s capabilities and limitations, the impact of the available variety of browsers, development frameworks, social aspects and more. Even QA of JavaScript and Ajax application is mentioned, though, I think that such a topic cannot be sufficiently covered in a single overview chapter (in this book the authors tried to give an overview while presenting a few tools and discussing their advantages and disadvantages), and is well deserved to be covered in detail and with a lot of examples in a separate title.

I especially appreciated the good job that the authors did, in my opinion, to convey, what I think is the most important security related detail about JavaScript and Ajax: Never ever trust anything that is being executed, stored and calculated on the client side!

I found the book to be more than just a source of information, something that will bring me up to speed with the field’s jargon. I found it to be inspiring. I cannot wait for a similar book on browser plug-in security. I hope that the authors have something like that cooking already.

The book, as you might understand already, is highly recommended.
Rating: 5 / 5

]]>