In association with heise online

03 May 2013, 16:06

Lost+Found: accessible pentesting and non-web Persona


Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H's radar over the last seven days: non-web Persona use proposed, how to report a DDoS, laptops filled with porn, tracking ships, counting fake callers, PDF receipts, mainframe intrusion, and accessible pentesting...

  • Members of the IETF's Network Working Group are currently discussing a draft proposal to make Mozilla's Persona decentralised authentication protocol (aka BrowserID) accessible to locally installed business applications via common interfaces (SASL and GSS-API). At present, Persona can only be used for authentication in web applications.

  • ICANN explains how to report a DDoS attack. Very accessible self-help advice.

  • If a Chinese national carries a NASA computer, this person must be a spy and the computer must be full of government secrets – or porn.

  • Fake calls from alleged members of Microsoft's tech support are a nuisance. Some time ago, the Internet Storm Center created a form for targeted users in order to find out more about the callers. The current statistical summary: 93% of the phone scammers have an accent, and a total of 82% are male. Only 15% tried to solicit credit card details, but every second caller wanted to use remote management software to establish a connection to the potential victim's computer.

  • McAfee reports that a PDF file can use the JavaScript API to call a non-existent URL and send a kind of secret receipt confirmation when it is opened.

  • If you think that mainframe computers are as good as bulletproof, read on: in more than 500 pages, Logica has documented a successful intrusion into at least two partitions of an IBM mainframe running z/OS via the internet. The attackers say that they harvested parts of the SPAR Swedish Population and Address Register, as well as customer information including credit card details.

