'Vulnerability'에 해당되는 글 8건

  1. 2012.09.25 HTML5 Security & Mobile by CEOinIRVINE
  2. 2010.04.02 Computer Security Consulting by CEOinIRVINE
  3. 2009.09.04 SQL Vulnerability Leaves Passwords In The Clear, Researchers Say by CEOinIRVINE
  4. 2008.12.18 Microsoft Internet Explorer Data Binding Vulnerability by CEOinIRVINE
  5. 2008.11.27 Google Chrome MetaCharacter URI obfuscation vulnerability. by CEOinIRVINE
  6. 2008.11.26 Google Chrome MetaCharacter URI Obfuscation by CEOinIRVINE
  7. 2008.11.21 Investigation of Vulnerabilities by CEOinIRVINE
  8. 2008.09.30 Risk, Threat, Vulnerability by CEOinIRVINE

HTML5 Security & Mobile

Hacking 2012. 9. 25. 04:56

Last week, I discussed some of the new, exciting functionality that is available as part of HTML5 and how it applies to the enterprise.  While this new functionality presents several new opportunities to change how content and functionality is delivered to employees and customers, there are security and compatibility concerns that must be understood prior to embarking on a great HTML5 journey.
 
Today, we'll discuss some of the more common security concerns raised as part of the HTML5 specification as well as compatibility issues you may face while implementing some of the new HTML5 components.  In some cases, I'll include notes on how certain issues can be avoided.
 
Security
The new benefits of HTML5 aren't without their security concerns and potential for abuse.  Some of the concerns below may not be applicable for mobile apps deployed at the enterprise level, but worth reviewing nonetheless.
  • Web Storage: To the point, there are security concerns with client-side storage.  There is a large potential for abuse if not implemented properly. Here are some security concerns that should be reviewed as part of planning and design.  Keep this in mind while reading (credit toOpera for the verbiage), origin is the tuple of scheme/host/port.  Thus, http://captechventures.com, http://blogs.captechventures.com, https://captechventures.com and http://captechventures.com:80 are all different origins.
    • Storage is assigned on a per origin basis so DNS spoofing is possible which would allow intruders access to a users data. SSL can be used to prevent this.
    • While this will probably not be an issue in the enterprise (since Geocities has left us - moment of silence), Web Storage should not be used where more than one user is using different pathnames on one domain.  For example, if I implemented Web Storage at captechventures.com/nathan/ it would be accessible by captechventures.com/jones/ (note: not valid URLs).
    • Databases are stored locally, on the client, which allows would-be attackers to download a copy of your database and create very precise attacks by issuing plain SQL statements. There's no need to employ injection techniques when you have the database. While this may not immediately impact mobile devices (retrieving content from them is not straight-forward), proper security should be put in place - phone locks, data retention periods (e.g. if the new lead has been sent to the CRM system, wipe it from the local database), etc.
    • The fact that the database resides on the client also opens up the potential for attacks on your backend enterprise systems. Your schema is now widely known; very targeted, malicious queries can be created.  Proper consideration should be given to your mobile storage design - client-side storage should only store a small subset of what may be available at an enterprise level.  Therefore, design a new schema specific to that subset rather than deploying your enterprise design.  
  • Cross-Domain Capabilities: The new capabilities in HTML5 such as canvas, audio and video make it easy to access content across domains and continue to 'mashup' information.  However, this could introduce information leakage.  There are safe-guards being put in place to help prevent information leakage.  For example, the canvas element contains an attribute called origin-clean which indicates whether the content originates from a different origin (see Opera's explanation of origin above) or not.  If the origin-clean flag is set to false, calling the toDataURL() or getImageData() methods of the element would raise a SECURITY_ERRexception.
  • Geolocation: Geolocation presents a host of privacy concerns - you're pinpointing  the location of the device and therefore the user. While not always 100% accurate, geolocation should be used sparingly, requesting location information only when absolutely necessary to improve the user experience.  Proper warnings and terms must be included to make the user aware that you are storing location information and potential consequences.  Broadcasting that you're home (GPS coordinates included) once a day for months and then telling the world you're in Maui on vacation may have unfortunate consequences.
  • Forms: Javascript is client-side code and, as such, you lose a lot of control. While client-side validation, especially on a mobile device, can be powerful you should always validate form submissions server-side to ensure integrity.  Yes, this may require an extra round-trip, on occasion, but if someone has malicious intent, I wouldn't worry if they eat another 120KB of their data plan.
  • KeyGen: This is a post for another day, but HTML5 also includes the keygen element which facilitates the creation of private and public keys for identity verification - think enterprise security, banking, etc.  You should note that adoption is not standardized, documentation is sparse, and Microsoft has even asked that it be removed from the HTML5 specification all-together.  Here is one link I found useful if you're itching to dig deeper.
Compatibility
Creating a web-based version of a mobile application is quicker and typically more cost effective to deploy than platform native applications. Firstly, you don't need an in-house Objective-C developer and iPhone OS (iPad/iPod included) API guru, Java developer, and someone versed in thecumbersome Blackberry API's.  HTML5 web-applications, simplistically speaking, require a web developer and web designer. Secondly, you don't have a platform specific approval process to battle.  Consider the source, but even Google's VP of Engineering points out that not many companies are rich enough to build native apps in support of each mobile platform.
 
That being said, there are compatibility issues to consider when looking at HTML5 for your mobile application.  HTML5 is still in draft status and is not supported by all mobile browsers.  Mobile Safari (iPhone), the Android browser support quite a few, but not all, changes in the HTML5 specification.  Opera Mini supports some (currently, around 10%) but is constantly evolving and was recently approved for use on the iPhone. IE Mobile 6.0 still doesn't appear to have much support for HTML5.  I'm still researching what will be available as part of the new Windows Mobile version 7.0, but am not holding my breath.
 
Blackberry is beginning to implement some of the specification (e.g. the datalist element), in some of it's browsers but it's still not ready for prime time.  With multiple versions of their browser running on multiple versions of the OS, building for the Blackberry will be challenge. This has been heralded as one of the biggest obstacles for HTML5 to overcome in order to go mainstream.  In my humble opinion, as Android and the iPhone continue to gain market share, Blackberry will pick up the pace of innovation.
 
In the mean time, creating a lighter version for Windows Mobile and Blackberry, while frustrating, is an option.  Another potential option would be to deploy Opera Mini to your Windows and Blackberry devices. It runs on each platform and, while it only supports about 10% of the specification now, it is evolving. Remember, Opera was a core contributor to Web Applications 1.0.

If you're interested in discussing how CapTech can help mobilize your enterprise, contact Jack Cox, the Mobile Service Offering lead.


'Hacking' 카테고리의 다른 글

Samsung Galaxy S III Hacking  (0) 2012.09.27
HTML5 Top 3 Vulnerability  (2) 2012.09.25
Burp Suite Tutorial – The Intruder Tool  (7) 2012.08.10
Understanding the iOS Security Architecture  (0) 2012.08.08
Cydia Repositories  (7) 2012.08.05
Posted by CEOinIRVINE
l

Computer Security Consulting

Hacking 2010. 4. 2. 08:21

www.richjustin.com

'Hacking' 카테고리의 다른 글

SSH JAVA APPLET http://javassh.org/space/start  (1) 2010.04.23
Malware Analysis  (0) 2010.04.23
Update Snort  (0) 2010.03.04
BASE 2010.3.3. Wed  (1) 2010.03.04
Snort IDS Installation  (0) 2010.03.04
Posted by CEOinIRVINE
l

SQL Vulnerability Leaves Passwords In The Clear, Researchers Say

Hacking 2009. 9. 4. 04:29

SQL Vulnerability Leaves Passwords In The Clear, Researchers Say

With no patch forthcoming from Microsoft, Sentrigo launches workaround for flaw

Sep 02, 2009 | 05:02 PM

By Tim Wilson
DarkReading

A vulnerability in Microsoft SQL Server could enable any user with administrative privileges to openly see the unencrypted passwords of all other users, researchers said today.

Researchers at database security vendor Sentrigo say that in SQL Server 2000 or 2005, administrators can view all of the passwords used since the server went online by reviewing its process memory. Under SQL Server 2008, the problem has been partially fixed, but an administrator with local access and a simple debugger could still view the passwords, Sentrigo says.

The vulnerability is most likely an insider threat because it requires administrative privileges, says Slavik Markovich, CTO of Sentrigo. However, it is also possible for a hacker to take advantage of the flaw by exploiting SQL injection, he says.

The flaw may not directly affect the data in the database, since an administrator would have access to that data already, Slavik says. But many people reuse their passwords for other applications, and it is possible that the vulnerability might lead to the compromise of other users' work or personal accounts.

"Worst case, it might lead to one administrator stealing bank account data from another administrator," Slavik says. "People are not supposed to reuse their passwords, but it's a reality that they do."

The Sentrigo researchers found the vulnerability last September and informed Microsoft, Slavik says. However, after nearly a year of discussion, Microsoft has indicated that it considers the issue to be "minor" and has no plans to issue a specific patch, he says.

"We did not agree with Microsoft's classification of this vulnerability as a minor issue, and felt that it was in the best interest of SQL Server users to make the vulnerability public and provide a utility to remove the passwords from memory," Sentrigo says. "If we discovered this information, there is a high likelihood others [who may not be as ethical] could find it as well and abuse it."

Sentrigo feels that the vulnerability is a danger because so many users employ the same passwords for multiple applications, and because so many breaches are engineered by privileged users and administrators.

"Many applications are deployed with administrative privileges," Sentrigo observes. "Hackers using a simple SQL injection vulnerability can now access administrative passwords, which may be used to penetrate other systems on the network, escalating the breach. This is even worse in the case of SQL Server 2000 and 2005, where this can be done remotely.

"Since Microsoft doesn't have immediate plans to fix this vulnerability, we felt that the knowledge regarding its existence -- together with a free utility to repair it -- should be available to the public sooner than later," Sentrigo says.

One well-known security researcher, who requested anonymity, disagrees. "This seems like a nonissue," the researcher says. "Anyone with the ability to read process memory would also have the ability to just hook the authentication code and capture passwords that way. For once, Microsoft is right to ignore it."

Sentrigo acknowledges that administrators have the authority to reset passwords, but "there is a big difference between being able to reset a password to either a system-generated password which the administrator would not see (or to a password the administrator chooses) and actually seeing a user's personal password," the researchers say. "The latter involves much greater risk, including access to additional systems the password may be used on, potentially enabling access to user's private data, such as bank or brokerage accounts."

The Sentrigo fix, which the company has dubbed Passwordizer, replaces the password data with asterisks, making it impossible for administrators to read the passwords in memory. The utility is available now for free and works on any version of SQL Server.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

'Hacking' 카테고리의 다른 글

Regarding Online Game Security  (0) 2009.10.02
Flaw In Sears Website Left Database Open To Attack  (0) 2009.09.04
Penetration Testing Service  (0) 2009.09.04
URL Encoding  (0) 2009.06.10
Hacking with Javascript 2005.FEB.  (0) 2009.06.09
Posted by CEOinIRVINE
l

Microsoft Internet Explorer Data Binding Vulnerability

Hacking 2008. 12. 18. 11:56
----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                   National Cyber Alert System

                 Cyber Security Alert SA08-352A


Microsoft Internet Explorer Data Binding Vulnerability

  Original release date: December 17, 2008
  Last revised: --
  Source: US-CERT


Systems Affected

    * Microsoft Internet Explorer
    * Microsoft Outlook Express
    * Other software that uses Internet Explorer components to render documents


Overview

  A vulnerability in Internet Explorer could allow an attacker to
  take control of your computer.


Solution

  Apply an update

  The updates to address these vulnerabilities are available on the
  Microsoft Update site. We recommend enabling Automatic Updates.

  Disable Active Scripting  This vulnerability can be mitigated by
  disabling Active Scripting in the Internet Zone, as specified in
  the Securing Your Web Browser document. Note that this will not
  block the vulnerability, but it will help to protect your computer
  against a common method used to execute this vulnerability.
  Enable DEP in Internet Explorer 7  Enabling DEP in Internet
  Explorer 7 on Windows Vista can help mitigate this vulnerability by
  making it more difficult to achieve code execution using this
  vulnerability.


Description

  When rendering certain documents, Internet Explorer may crash or
  allow an attacker to run code on your computer. The attacker could
  install malicious software or access sensitive personal
  information. Attackers are actively exploiting this vulnerability.

  For more technical information, see US-CERT Technical Alert
  TA08-352A and US-CERT Vulnerability Note VU#493881.


References

 * US-CERT Technical Cyber Security Alert TA08-352A -
  <http://www.us-cert.gov/cas/techalerts/TA08-352A.html>

 * Microsoft Security Bulletin MS08-078 -
  <https://www.microsoft.com/technet/security/bulletin/ms08-078.mspx>

 * US-CERT Vulnerability Note VU#493881 -
  <http://www.kb.cert.org/vuls/id/493881>

 * Securing Your Web Browser -
  <https://www.us-cert.gov/reading_room/securing_browser/#Internet_Explorer>

 ______________________________
______________________________________

  The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/alerts/SA08-352A.html>
 ____________________________________________________________________

  Feedback can be directed to US-CERT Technical Staff. Please send
  email to <cert@cert.org> with "SA08-352A Feedback VU#493881" in
  the subject.
 ____________________________________________________________________

  For instructions on subscribing to or unsubscribing from this
  mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

  Produced 2008 by US-CERT, a government organization.

  Terms of use:

    <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

Revision History

 December 17, 2008: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSUlp8HIHljM+H4irAQKhqgf+N88zl28wMhyNfYPgA/3Wh6ndEntBvFaf
LHlHCbKYo6g77Nu6JtMNxG+FFk19dsRHXAdw4y22W9Tkt3VegyeKBnn+w5V2I1FO
JCA4HUo+TUmyQJPy2VsRlyogqMml2OA+pqImcUADMQQfgg92QskaHtE02KNjucRj
GR8OC7S6bkQ7igEaT8RPKhb671Z5Vd3PvB3zuiSzfT8eWonBogDa0dI0tpAdvPKS
OWpNmtxCvgv7fN3vUWOHgKMTM8pLYSyMunrcHBEhY31qb34+DPYqz3KAPUdcncUd
fRsaum80D8ansP+rsKcCA/0qsLfGkyqQMt/Z6tQDtshmtCLwSegpmw==
=Vokc
-----END PGP SIGNATURE-----

'Hacking' 카테고리의 다른 글

Mozilla Firefox 2 Multiple Vulnerabilities  (0) 2008.12.18
Red Hat Update for Kernel  (0) 2008.12.18
PE Format Analysys  (0) 2008.12.18
Buffer Overflow  (0) 2008.12.18
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities  (0) 2008.12.17
Posted by CEOinIRVINE
l

Google Chrome MetaCharacter URI obfuscation vulnerability.

Business 2008. 11. 27. 03:43
POC Google Chrome MetaCharacter URI Obfuscation Vulnerability.

Google Chrome MetaCharacter URI Obfuscation Vulnerability.

(C) SecNiche Security / Proof of Concept

By:- Aditya K Sood.

This POC has been designed with minimum object usage. This can be made more critical dependent on the object usage.

Check the Status Bar for Address Problem. Have a Look at the Source too.

The Indepth Concept of this Vulnerablility.

Look at POC.

Link1 : http://www.google.com%00@milw0rm.com

Link2 : http://www.google.com@yahoo.com

Link3 : ftp://anoymous:guest@microsoft.com

 Check the Status Bar for Address Problem,

Specifcally Tested on 0.4.154.25 [Latest]

Other Version Tested:

Official Build 1798
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/525.13 (KHTML, like Gecko)
Chrome/0.2.149.29 Safari/525.13

Official Build 2200
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/525.13 (KHTML, like Gecko)
Chrome/0.2.149.30 Safari/525.13

'Business' 카테고리의 다른 글

Diagnoses Of Cancer Decline in The U.S.  (0) 2008.11.27
New Data Show Continuing Decline in U.S. Spending  (0) 2008.11.27
Food Stamp Use Nears Record  (0) 2008.11.26
U.S. Moves to Revive Consumer Lending  (0) 2008.11.26
Ban on GM employee stock purchases is extended  (0) 2008.11.26
Posted by CEOinIRVINE
l

Google Chrome MetaCharacter URI Obfuscation

Hacking 2008. 11. 26. 03:39

 

If you use Google chrome version 0.2.149.27-30, please upgrade to the recent one.

Regards,

 

 

 

 

 

Google Chrome MetaCharacter URI Obfuscation Vulnerability

------------------------------------------------------------------------

 

 

SUMMARY

 

Google chrome is vulnerable to URI Obfuscation vulnerability. An attacker can easily perform malicious redirection by manipulating the browser functionality. The link can not be traversed properly in status address bar.This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. The URI specified with @ character with or without NULL character causes the vulnerability.

 

DETAILS

 

Vulnerable Systems:

 * Chrome version 0.2.149.30

 * Chrome version 0.2.149.29

 * Chrome version 0.2.149.27

 

Proof of Concept:

Link1:  ftp://anoymous:guest@microsoft.com

Link2: [Without NULL] | http://www.google.com@yahoo.com | [Google --> Yahoo [Obfuscation]]

Link3: http://www.secniche.org%00@www.milw0rm.com [With NULL] SecNiche --> Milw0rm [Obfuscation]

 

 

 


'Hacking' 카테고리의 다른 글

Creating a Computer Security Incident Response Team: A Process for Getting Started  (0) 2008.11.29
Overview of U.S. Federal Laws  (0) 2008.11.26
Manually Unpacking a Morphine-Packed DLL with OllyDbg  (1) 2008.11.23
Dynamic-Link Library Creation  (0) 2008.11.21
Comercial Vulnerability Alerts  (0) 2008.11.21
Posted by CEOinIRVINE
l

Investigation of Vulnerabilities

Hacking 2008. 11. 21. 03:31

Investigation of Vulnerabilities

New vulnerabilities in network services are disclosed daily to the security community and the underground alike through Internet mailing lists and various public forums. Proof-of-concept tools are often published for use by security consultants, whereas full-blown exploits are increasingly retained by hackers and not publicly disclosed in this fashion.

The following web sites are extremely useful for investigating potential vulnerabilities within network services:

SecurityFocus (http://www.securityfocus.com)
milw0rm (http://www.milw0rm.com)
Packet Storm (http://www.packetstormsecurity.org)
FrSIRT (http://www.frsirt.com)
MITRE Corporation CVE (http://cve.mitre.org)
NIST National Vulnerability Database (http://nvd.nist.gov)
ISS X-Force (http://xforce.iss.net)
CERT vulnerability notes (http://www.kb.cert.org/vuls)

'Hacking' 카테고리의 다른 글

Dynamic-Link Library Creation  (0) 2008.11.21
Comercial Vulnerability Alerts  (0) 2008.11.21
1.4. Assessment Service Definitions  (0) 2008.11.21
Snort Configuration : Linux  (0) 2008.11.18
TOP SQL injection tool lists [15]  (0) 2008.11.12
Posted by CEOinIRVINE
l

Risk, Threat, Vulnerability

IT 2008. 9. 30. 03:32
Let's start with NIST publication SP 800-30: Risk Management Guide for Information Technology Systems. In the text we read:

"Risk is a function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization. To determine the likelihood of a future adverse event, threats to an IT system must be analyzed in conjunction with the potential vulnerabilities and the controls in place for the IT system."

The document outlines common threats:

  • Natural Threats: Floods, earthquakes, tornadoes, landslides, avalanches, electrical storms, and other such events.
  • Human Threats Events that are either enabled by or caused by human beings, such as unintentional acts (inadvertent data entry) or deliberate actions (network based attacks, malicious software upload, unauthorized access to confidential information).
  • Environmental Threats: Long-term power failure, pollution, chemicals, liquid leakage.

I see no mention of software weaknesses or coding problems there. So how does NIST define a vulnerability?

"Vulnerability: A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system's security policy."

The NIST pub's threat-vulnerability pairings table makes the difference between the two terms very clear:



SP 800-30 talks about how to perform a risk assessment. Part of the process is threat identification and vulnerability identification. Sources of threat data include "history of system attack, data from intelligence agencies, NIPC, OIG, FedCIRC, and mass media," while sources of vulnerability data are "reports from prior risk assessments, any audit comments, security requirements, and security test results."

The end of SP 800-30 provides a glossary:


  • Threat: The potential for a threat-source to exercise (accidentally trigger or intentionally exploit) a specific vulnerability.
  • Threat-source: Either (1) intent and method targeted at the intentional exploitation of a vulnerability or (2) a situation and method that may accidentally trigger a vulnerability.
  • Threat Analysis: The examination of threat-sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment.
  • Vulnerability: A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system's security policy.

For those of you Microsoft-only shops, consider their take on the problem in the The Security Risk Management Guide. Chapter 1 offers these definitions:

  • Risk: The combination of the probability of an event and its consequence. (ISO Guide 73)
  • Risk management: The process of determining an acceptable level of risk, assessing the current level of risk, taking steps to reduce risk to the acceptable level, and maintaining that level of risk.
  • Threat: A potential cause of an unwanted impact to a system or organization. (ISO 13335-1)
  • Vulnerability: Any weakness, administrative process, or act or physical exposure that makes an information asset susceptible to exploit by a threat.

Microsoft then offers separate appendices with common threats and vulnerabilities. Their threats include catastrophic incidents, mechanical failures, malicious persons, and non-malicious persons, all with examples. Microsoft's vulnerabilities include physical, natural, hardware, software, media, communications, and human. Microsoft clearly delineates between threats and vulnerabilities by breaking out these two concepts.

I'd like to add that the comment on my earlier posting said I should look up "threat" at dictionary.com. I'd rather not think that "security professionals" use a dictionary as the source of their "professional" understanding of their terms. Still, I'll debate on those grounds. The poster wrote that dictionary.com delivers "something that is a source of danger" as its definition. Here is what that site actually says:

  1. An expression of an intention to inflict pain, injury, evil, or punishment.
  2. An indication of impending danger or harm.
  3. One that is regarded as a possible danger; a menace.

Remember what we are debating here. I am concerned that so-called "security professionals" are mixing and matching the terms "threat" and "vulnerability" and "risk" to suit their fancy.

Here's vulnerability, or actually "vulnerable":

  1. Susceptible to physical or emotional injury.
  2. Susceptible to attack: “We are vulnerable both by water and land, without either fleet or army” (Alexander Hamilton).
  3. Open to censure or criticism; assailable.
  4. Liable to succumb, as to persuasion or temptation.

You'll see both words are nouns. But -- a threat is a party, an actor, and a vulnerability is a condition, a weakness. Threats exploit vulnerabilities.

Finally, risk:

  1. The possibility of suffering harm or loss; danger.

Risk is also a noun, but it is a measure of possibility. These are three distinct terms. It is not my problem that I define them properly, in accordance with others who think clearly! I am not inventing any new terms. I'm using them correctly.

I'd like to thank Gunnar Peterson for reminding me of the NIST and Microsoft docs.

'IT' 카테고리의 다른 글

CPU Structure 80x86  (0) 2008.10.02
Linux Memory/CPU administration  (0) 2008.10.02
Android’s threat to the iPhone  (0) 2008.09.30
AT& T, Verizon to Refrain From Tracking Users Online  (0) 2008.09.26
Got an idea to help the world? Here's $10 million  (0) 2008.09.25
Posted by CEOinIRVINE
l
◀ 이전페이지 1 다음페이지 ▶
블로그 이미지
Information Security & US & Life & Love & Fashion & Hacking & Passion hack, web security, game security, game hack, fps, ava, wow, starcraft II, soldier front, gunz, reverse engineering, SQL injection, XSS, hacking, penetration testings, IT, internet technlogoy, security, penetratoin testing, XSS, XSRF CEOinIRVINE

최근에 올라온 글

공지사항

카테고리

CEOinIRVINE (2282)
Editorials (4)
Finance & EMBA (1)
Fashion (239)
IT (215)
Hacking (266)
Online Game (17)
Vocabulary (14)
iLoveBlackberry (2)
Business (1108)
Politics (165)
US News (115)
World News (63)
Career Consulting (8)
Apple (5)
Car (13)
Travel (5)
Irvine (3)
Sports (3)
recipe (1)
Music (15)
TVs (11)
Spanish (1)
Cyber Law (1)
Perl (3)
Java (1)
Artificial Intelligence (1)
Stock (1)

태그목록

달력

«   2025/02   »
1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28

링크

  • Total :
  • Today :
  • Yesterday :
rss

최근에 달린 댓글

최근에 받은 트랙백

글 보관함

티스토리툴바