Erata.NET » Security

Hardware-based brute force attacks

Iulian Margarintescu — Wed, 09 Feb 2011 14:52:44 +0000

I've found this image in a PDF presentation document and i feel like sharing:

Hardware-based brute force attacks

Source: http://www.tarsnap.com/scrypt/scrypt-slides.pdf by Colin Percival read full article

WordPress Exploit Scanner Plugin

Iulian Margarintescu — Tue, 03 Mar 2009 08:45:30 +0000

I've found a few days ago this plugin and i would like to share with everybody since it may help secure the web. This plugin scans the wordpress installation folder for paterns usualy found in exploits/throjans/malware web scripts. The plugin produces quite a few false positive alerts but also it's very easy to spot suspicious code in suspicious files. It would be nice if read full article

I gave up on Coppermine Gallery

Iulian Margarintescu — Fri, 27 Feb 2009 16:14:33 +0000

I used to use Coppermine Photo Gallery for http://gallery.erata.net but today i've decided to close it down. The number of vulnerabilities ( most of them critical ) discovered over the years got me thinking. You can see what i mean here http://www.milw0rm.com/search.php?dong=coppermine. 3 vulnerabilities found in the first two months of 2009. 4 in 2008. This remembers me of read full article

Web application security flows

Iulian Margarintescu — Thu, 12 Oct 2006 12:07:06 +0000

Here goes... my first security related post :)

Intro

First i must say that this will not be a way to prove that your application is secure, it will only be a quick & dirty way of finding common bugs in web applications. The following will be a few techniques that i tend to use the first time i see an web application ( and generally a database application ). I will use PHP for the few code examples but the vulnerabilities presented are not limited to PHP, in fact are independent of the server-side programming language used. read full article