The HTTP protocol has a list of response status codes to help communication between the server and the browser. Every time a server responds to a browser request, a status code is sent. The most common ones are: “200”, which means “Everything is ok, here is some food!” and “404” which
Category: Websites
leakedin.com is back online
I remember this evening… More than two years ago, at RSA Europe, I was sitting in the hotel bar with my friends Craig Balding and Brian Honan talking about everything and nothing. Which topic was at the source of this? It’s too old but I had the idea to register
Monitoring pastebin.com within your SIEM
For those who (still) don’t know pastebin.com, it’s a website mainly for developers. Its purpose is very simple: you can “paste” text on the website to share it with other developers, friends, etc. You paste it, optionally define an expiration date, if it’s public or private data and you are
Honeymail: Track Who’s Leaking Your E-mail Addresses
“E-mail”… What a wonderful online service! When I first connected to the Internet around 1994 (I’m feeling old writing this!), I was so excited to receive my first e-mail! Today, I’m very happy when I receive fewer than 50 e-mails per day! E-mail has been, for years, associated with spam.
You Like? Spammers Like You Too!
Our best worst friend Facebook is full of resources. Not only for attackers but also spammers. The “I like” button became very popular on many personal (blogs) and professional websites. Basically, the purpose is simple and efficient: If you are logged on Facebook and visit a website which proposes an
Exchanging Files Safely with File Sharing Services
Back in December 2010, during the OWASP Benelux Day, Nick Nikiforakis presented an ongoing study about the privacy of file sharing services. Big players are services like rapidshare.com or megaupload.com. The principle is very simple: you upload your files to a virtual storage space in the cloud and you get
Pirate-moi.com
An interesting initiative from a small team of French guys active in information security. They are organizing an online contest called “Pirate-Moi” (“Hack Me”). The purpose is pretty much the same as a classical CTF (“Capture The Flag”) contest held during security conferences: to hack a system! In this case, the
OWASP BeNeLux Day 2010 Wrap Up
Yesterday, the three OWASP Benelux chapters organized together their annual OWASP BeNeLux day. This edition was held at the Fontys Hogeschool in Eindhoven (NL). First detail of this year, the weather conditions! After more than three hours of driving on snowy roads, I finally reached Eindhoven. Just in time for
facebook.com Emails are Coming…
It has been announced by Facebook! E-mail addresses “@facebook.com” are coming! Scoop, I got some information leaked from a Facebook server: $ cd ~facebookuser $ cat .procmailrc # All your emails are belong to us # — Mark Z. :0 * ^From.* { :0c |/usr/local/bin/index.pl :0c |/usr/local/bin/send_ads.pl :0c ^X-Privacy: yes
Searching for Sensitive Data Using URL Shorteners
URL shorteners are online services which reduce the length of URLs. Web applications are more and more complex and their URLs can have multiple parameters like pages, session IDs and much more. At the same time, we use services which limit the message size (like Twitter) or devices (like smartphones) which