Why are people like Mike Zusman get certificates for already existing domains, which can then be used for extremely effective phishing attacks? The "verification" is a joke at best, harmful at worst.
Yeah, he seems to think that everyone who is a pen tester or a security researcher also writes malicious viruses on the side. Here's a clue: botnet writers are not also working for the security industry, because they…
Really though, this is such a simple attack you'd think that it would be protected against. Any argument about "trust" is irrelevant due to the frustratingly simple way this system has been gamed. Usernames, that's it?…
I think the minimalism analogy translates well to non-web applications as well. I, for one, love Transmission's user interface (that is, the program, not the embedded web server interface, which is nice too). It's super…
Why are people like Mike Zusman get certificates for already existing domains, which can then be used for extremely effective phishing attacks? The "verification" is a joke at best, harmful at worst.
Yeah, he seems to think that everyone who is a pen tester or a security researcher also writes malicious viruses on the side. Here's a clue: botnet writers are not also working for the security industry, because they…
Really though, this is such a simple attack you'd think that it would be protected against. Any argument about "trust" is irrelevant due to the frustratingly simple way this system has been gamed. Usernames, that's it?…
I think the minimalism analogy translates well to non-web applications as well. I, for one, love Transmission's user interface (that is, the program, not the embedded web server interface, which is nice too). It's super…