Black Hat 2009: Breaking SSL with null characters

Update: The video of [Moxie]’s presentation is now online.

[Moxie Marlinspike] appeared on our radar back in February when he showed sslstrip at Black Hat DC. It was an amazing piece of software that could hijack and rewrite all SSL connections. The differences between a legitimate site and the hijacked ones were very hard to notice. He recently stumbled across something thing that makes the attack even more effective.

Continue reading “Black Hat 2009: Breaking SSL with null characters”

Securing your data

Lifehacker has published an overview of some of the many ways you can secure your data. The post was prompted by recently released browser vulnerabilities: first IE, then Firefox. They cover techniques far beyond just browser security, like how to properly wipe your iPhone. They mention disk encryption go-to TrueCrypt along with password management tools like KeePass. They also suggest using temporary credit cards to mitigate the impact of fraud.

[photo: Rija 2.0]

Faster browsing with RAM disks


A coworker approached us today wondering if they could get a performance boost using Samsung’s newly announced 256GB SSD. Most of their work is done in browser, so we said “no”. They’d only see benefit if they were reading/writing large files. Their system has plenty of RAM, and we decided to take a different approach. By creating a filesystem in RAM, you can read and write files much faster than on a typical hard drive. We decided to put the browser’s file cache into RAM. Continue reading “Faster browsing with RAM disks”

Chrome and Firefox showing JavaScript improvements

With new betas for both Firefox and Chrome being released, CNET decided to find out how good their JavaScript performance was. Both browsers got a performance boost with Firefox slightly edging out Chrome. You have to turn on TraceMonkey, Firefox’s new Javascript engine in 3.1b1, to get the improvement. We never thought Google was that serious about building a new browser. They just want wanted Firefox to get their act together and suck less. It seems to be working.

[via Lifehacker]

Ubiquity, a browser command line

During the last day the web has been abuzz about Mozilla Labs’ Ubiquity. It’s an addon for Firefox that can help you streamline how you get things done on the web. In the example above, they show constructing an email with a map and reviews using mostly keyboard driven input. The addon is quick to install and we think you’ll find it saving you a lot of time on tasks you’d normally hit the search box for. In the popup, you can do quick Wikipedia lookups, define words, translate, perform calculations, and many other operations. You can email a page to someone by just typing three words. The best part is: anyone can write a command that will expand Ubiquity’s function. Greasemonkey helped fix broken websites and we think Ubiquity will help make interactions between sites much easier. We can’t wait to see what clever uses people come up with.

IBM sees influx in zero-day exploits

IBM’s X-Force security team has released a mid-year report(PDF) stating that the number of zero-day exploits is growing at an alarming rate. For those of you unfamiliar with the term, a zero-day exploit is a program that is created and implemented within 24 hours of the disclosure of a security flaw. These exploits usually affect users before they even know the vulnerability exists and long before a patch is made available. The researchers also found that many of these exploits were targeted at browser plug-ins, which most users utilize on a daily basis.

[Kris Lamb], X-Force operations manager, is blaming the problem on a lack of a unified process for disclosing vulnerabilities. He also claims that the long-held practice of publishing example code of vulnerabilities should be frowned upon.

[via Liquidmatrix]

Best Firefox 3 extensions

We generally try to limit the number of extensions we install for security, performance, and because we use a lot of different systems. That’s not to say there aren’t a lot of interesting addons out there and Mozilla has recently announced the winners of their Extend Firefox 3 Contest. Lifehacker has a full rundown of each of the winners. Nothing really stands out in our eyes (although we might try’s toolbar).

The three extensions we always end up installing are Firebug, Greasemonkey, and Flashblock. What are yours?