Specialist Security Blog

A blog providing opinion, advice and research surrounding specialist information, security threats and challenges from 7Safe's technical experts.

  • POODLE: A new vulnerability in SSLv3

    Oct 07, 2014

    In October 2014, an OpenSSL vulnerability relating to Secure Sockets Layer (SSL) was discovered by Bodo Moeller, Thai Duong and Krzysztof Kotowicz of Google Security. SSL is the standard security technology for establishing encrypted communications between a web browser and a web site, and ensures that the transmitted data remains private. It is used on a variety of websites, including online shopping and many other sites which process your personal details. This issue only affects SSLv3, which has so far been widely considered secure.
  • LinkedIn Breach Commentary

    Jun 08, 2012

    On 6 June 2012, LinkedIn confirmed the reports that it had been subject to a large-scale password compromise, with hackers posting a file online that contained millions of “encrypted” passwords. Why “encrypted” in quotes? This posting explains why and, in doing so, how passwords can be safely stored.
  • Hacking Oracle From the Web: Part 2

    Oct 28, 2011

    The first instalment of this paper was released in 2010 and discussed the privileges needed to execute OS code when exploiting a SQL Injection in a web application which has an Oracle back-end. This paper examines new techniques to execute multiple statements via SQL Injection. No special privileges are needed to use these techniques [...]
  • Youdetect Service Detects Illegal Acquisition of Multimedia

    Oct 05, 2011

    The illegal acquisition of multimedia by downloading streaming multimedia is one of the most common new developments in piracy but is yet to be responded to by the forensic community. YouTube Downloader (YTD) is currently the most prevalent software choice for illegally downloading multimedia content, assisting and supporting illegal downloading and multimedia piracy. YouDetect uses statistical [...]
  • New Paper to be revealed at Black Hat titled “The Art of Exploiting Lesser Known Injection Flaws”

    Jun 02, 2011

    For the second consecutive year, the world’s premier IT security event, Black Hat USA, has accepted a paper to be presented by the 7Safe Pentesting team. The new paper, entitled “The Art of Exploiting Lesser Known Injection Flaws”, will be revealed alongside a 3-hour hands-on workshop, to an audience who will be keen to [...]
  • SQL Injection Explained

    May 05, 2011

    Watch this video tutorial produced by 7Safe’s training department to find out in simple terms what the SQL Injection vulnerability is and how real threats result from this typical exploitation. It features a sample exploitation scenario illustrating clear steps of what an attacker may do with a website which is vulnerable to SQL Injection. Parts [...]
  • Hacking Oracle via Web Apps – New paper

    Feb 22, 2010

    Sumit Siddharth (Sid), who heads up 7Safe’s penetration testing team, has written a paper on hacking Oracle from web applications, describing various techniques like data extraction, privilege escalation and OS code execution. A video interview with Sid on the paper will be released later this week. You can download the paper from this page.
  • .msg to html batch conversion tool for eDisclosure

    Sep 14, 2009

    7Safe has developed an in-house tool that converts Microsoft .msg email files to html format in bulk, as part of our work in the edisclosure / ediscovery arena. Although there are some products on the market that fulfil similar functions, we needed something that was easily adjusted to accommodate technology changes and could satisfy the specific requirements of our legal [...]