Protect against Cookiejacking | suggestion from microsoft

Protect against Cookie-jacking | suggestion from Microsoft

Some days ago, a security researcher found a microsoft's latest security risk named cookiejacking which allows cookiestealing. Microsoft is doing all it's research to patch this vulnerability of internet explore. This bug is in all versions of internet explorer. Clickjacking and social engineering techniques are then used to trick users into dragging the contents of the rogue iframes to containers on the same page controlled by the attackers. Read more about cookiejacking attack
Microsoft's Brandon LeBlanc say that the company is working on a patch. He also suggested to use  browser's InPrivate Browsing feature. The private browsing mode prevents access to cookie files already saved on the disk, but more importantly, it stores cookies for the active session in memory. This means that a page crafted for cookiejacking cannot access neither older cookies nor active ones, because there is no path to them

TECHNO TITANS !!!!!

Packt: A Publishing House for the Future

Since I first heard of them several years ago, I've viewed Packt as the underdog in the world of technical book publishing. In the past year or so, Packt seems to have gained greater and greater influence: their catalog continues to grow, they are attracting talented and knowledgeable engineers as authors, and their titles are things that I'm actually interested in.

Two examples of this are the books Expert Python Programming and Zenoss Core Network and System Monitoring. I received a copy of the former and blogged about my take on it. For the Zenoss book, last year I agreed to be a technical reviewer and am currently preparing a blog post on my pre- and post-publishing experiences.

In both cases, I agreed to work with Packt based solely on the technical merits of their works. However, my experience as a technical reviewer with them was so positive (I have had consistently excellent experiences with their staff over extended periods of time and on long-running conversations) that I have not only agreed to review more titles, but have read up on Packt themselves a bit. Here are some highlights from their wikipedia article:

• They published their first book in 2004 (the same year Ubuntu started!).
• Packt offers PDF versions of all of their books for download.
• When a book written on an open source project is sold, Packt pays a royalty directly to that project.
• As of March 2008, Packt's contributions to open source projects surpassed US $100,000 (I would love an updated stat on this, if anyone has a newer figure).
• They went DRM-free in March 2009.
• Packt supports and publishes books on smaller projects and subjects that standard publishing companies cannot make profitable.
• Their stream-lined business model aims to give authors high royalty rates and the opportunity to write on topics that standard publishers tend to avoid.
• Bonus: they also run the Open Source Content Management System Award.

These guys have some keys things going for them:

• They've got what appears to be a lean approach to business.
• They know how to effectively crowd-source, keeping their overhead low.
• They are rewarding both the authors as well as the open source projects.
• Their titles continue to grow in diversity and depth.
• The have an outstanding staff.

Oh, and I really like the user account management in their website! When I log in, I see a list of owned books, source code links for them, clear/clean UI, very easy to navigate. I can't emphasize this enough to vendors, service providers, etc.: if you want a loyal user base:

1. make a good product that lasts a long time;
2. make simple and great tools that enhance the experience of those products, that truly improve the experience of your users.

All in all, Packt really appear to be leaders in publishing innovation, taking lessons learned from the frontier of open source software and applying that to the older industry of publication production. I would encourage folks to evaluate Packt for themselves: if you like what you see, support them in readership and authorship :-)

I, for one, will continue to review titles that appeal to me personally and that I think others would enjoy as well. I have two books in the queue and three pending blog posts for the following titles:

• Zenoss Core Network and System Monitoring
• Python Testing Cookbook
• Python 3 Web Development Beginner's Guide

And who knows, if I feel like writing a technical book at some point, you may see me in the Packt catalog, too

TECHNO TITANS !!!!!!

download Ncrack - High-speed network authentication cracker

 

Ncrack - High-speed network authentication cracker

 

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.

Ncrack's features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap's and many more.

Ncrack was started as a "Google Summer of Code" Project in 2009. While it is already useful for some purposes, it is still unfinished, alpha quality software. It is released as a standalone tool and can be downloaded from below.

Download

 

TECHNO TITANS !!!!!!!!!!