May 06 2013
 

What is Memcache? Memcache is a temporary data storage service which stores data in <key>:<value> format. It improves the overall performance of the website by storing chunks of data in a cache. Example scenarios where Memcache might be used: If the application has some huge chunk of static data which needs to be displayed to the user as is, like a list of countries for a registration form or bank IFSC codes, and so Read More…

Apr 10 2013
 

Summary: LinkedIn has a feature called Project wherein you can add project members from your connections. We were able to discover a way to view a LinkedIn member’s project even if he/she is not one of our connections. We were also able to create a new project and add other LinkedIn members to it without their approval. We were able to achieve this by playing around with some HTTP request parameters. Technical Details Vulnerability A Read More…

Dec 12 2012
 

Many times we receive SMSes on our cell phones displaying messages like the one shown below: Typically a phone number to call or a website link is given which asks the user to provide his/her personally identifiable information – bank account number, PIN, or credit card number – to claim the prize money. When an innocent user provides such information, unauthorized transactions are made from the user’s talk time or bank account on the user’s behalf. What Read More…

Oct 08 2012
 

Scope: This article demonstrates logging techniques in MySQL to uncover and analyze any mischief attempted by an (outside or inside) user, focusing on specific areas in the database.

Getting Started: Following are the types of logs available in MySQL[1].

Log Type | Information Written to Log
Error log | Problems encountered starting, running, or stopping mysqld
General query log | Established client connections and statements received from clients
Binary log | Statements that change data (also used for replication)
Relay Read More…

Jun 03 2010
 

Over the past few years, we have completed a number of social engineering tests as part of advanced penetration testing at various organizations. Coincidentally, I recently read an excellent book called “Influence – the Psychology of Persuasion” by Dr. Robert Cialdini and realized that it has some excellent lessons for anyone wanting to guard themselves from social engineering attacks. Dr. Cialdini’s book provides excellent coverage of what he calls “compliance professionals” – people engaged in Read More…