According to a recent announcement, Gmail will start blocking .js file attachments starting February 13, 2017. Blocking specific attachment types isn't something that is new to Gmail. They already block attaching file attachments that are .exe, .msc, and .bat types. The recent move to add javascript files is most likely related to the recent malware/ransomware campaigns that have started using JavaScript files instead of Microsoft Office files. There was an article posted back in April … [Read more...] about Gmail will block JavaScript file attachments
Secure Notification Updates in FireFox and Chrome
There has been a steady increase in the number of applications that have switched to using HTTPS instead of HTTP for communication. Even sites that have no sensitive information or authentication mechanisms. Using HTTPS provides authentication and a secure channel to transmit data between client and server. The authentication verifies that you are communicating with the organization you thought you were. This secure transmission is meant to stop other parties from being able to read or … [Read more...] about Secure Notification Updates in FireFox and Chrome
Remember Me Features
Tired of constantly logging into your applications? Don't you wish they would just remember you each time you visit, logging you right in? It isn't as always easy to achieve such a status. There are multiple ways remember me can be implemented. Lets take a look at some of them. Remember UserName One of the most common ways for a site to implement the remember me functionality is to remember the username only. The username is typically stored in a cookie on the client's computer. … [Read more...] about Remember Me Features
Introducing our Slack channel
It is a new year and time for some new ways for all of us to communicate. We appreciate all that have read the posts and listened to the podcast. Both of these will continue to move forward in 2017 with some new material on the way. We are happy to announce we have started a Slack channel. You can find it at developsec.slack.com. The blog and podcasts have been great in providing information in a read-only manner. Slack is an opportunity to open up more conversation and create more … [Read more...] about Introducing our Slack channel
MongoDBs under attack from ransomware
In recent news, it was identified that MongoDB databases are being exposed on the internet and infected with ransomeware. In a little under a week, the infection count went from 200 to 10,000. That is a quick ramp up. In this case, misconfigurations may bind the database port to the public interface, while also allowing anonymous access. This combination can be devastating. Doing a quick search on Shodan you may find there are thousands of misconfigured MondoDB servers exposed on the … [Read more...] about MongoDBs under attack from ransomware
The 1 thing you need to know about the Daily Motion hack
It was just released that Daily Motion suffered a hack attack resulting in a large number of usernames and email addresses being released. Rather than focusing on the number of records received (the wow factor), I want to highlight what most places are just glancing over: Password Storage. According to the report, only a small portion of the accounts had a password associated with it. That is in the millions, and you might be thinking this is bad. It is actually the highlight of the story. … [Read more...] about The 1 thing you need to know about the Daily Motion hack