February 2007
Wireless Security - Cracking WEP
by Arvind Doraiswamy
In the last issue, we took an in-depth look at the internals of WEP. We saw how exactly WEP was used to encrypt a short block of plain text. This time we’ll look at WEP from the perspective of an adversary. What will an adversary see if he manages to capture a block of WEP encrypted data? What can he do with it? Can he use this data to compromise my network? These, among others are some of the questions that we’ll be addressing in the course of this article. Without further delay let’s see how an adversary goes about trying to crack WEP.… more →
ASP Session Cookies
by Jaideep Jha
Over the last few years of carrying out web application audits, we have observed in many ASP-based applications that cookie values do not change between unauthenticated pages and authenticated application areas. Since the user session is associated to the session cookie, if a malicious user gets hold of session cookie prior to user authentication, he can access the authenticated application area also. Classic ASP does not support any method to enforce the change of cookie value. Let’s look into some remedies in this article.… more →
Quiz: Log file privileges
What sort of privilege on the log file does an application need to log transactions?
- Read, Write
- Read, Write, Append, Delete
- Write, Append
- Append