DISCLAIMER: Logging other people's keystrokes or breaking
into other people's computer without their permission can
be considered illegal by the courts of many countries.
The monitoring software reviewed here is ONLY for authorized
system administrators and/or owners of computers.
We assume no liability and are not responsible for any misuse
or damage caused by the keylogging software. The end user of
this software is obliged to obey all applicable local, state,
federal and other laws in his country of residence.
July 11, 2008
Google releases Web 2.0 security tool
Google has released as open source a web application assessment tool, Ratproxy, that was designed to root out potential security flaws.
Separately, Google also released Browser Sync, a product designed for keeping multiple versions of Firefox synchronised, under an open-source licence.
Last month, Google said it would terminate support for Browser Sync, and this week the company open sourced the code for the product's client software in order to allow the developer community to continue to use and improve it, said Google developer Aaron Boodman in a blog post. "It would be great to see the server ported to Google App Engine, or support for Firefox 3 implemented," Boodman wrote.
Ratproxy is an audit system written internally and introduced last week by Michal Zalewski, a respected security researcher hired by Google almost a year ago to help lock down the company's own websites. The tool has been used at Google for unearthing problems such as cross-site script inclusion threats, insufficient cross-site request forgery defences, caching issues, cross-site scripting candidates, potentially unsafe cross-domain code inclusion schemes and information-leakage scenarios, according to Zalewski.
The proxy works passively by analysing existing, user-initiated traffic, and is particularly tuned for complex Web 2.0 environments, Zalewski said in a blog post.
"We decided to make this tool freely available as open source because we feel it will be a valuable contribution to the information security community, helping advance the community's understanding of security challenges associated with contemporary web technologies," Zalewski wrote. He added that Ratproxy is intended to complement active crawlers and manual proxies, as well as other passive proxies.
The main advantage of Ratproxy is its focus on Web 2.0 applications, drawing on Google's experience with such applications, Zalewski said. For instance, it offers a number of advanced and unique checks, content-sniffing functions capable of distinguishing between stylesheets and Javascript code snippets, and the ability to take into account particular browser-related quirks and content-handling oddities, according to Zalewski's documentation for Ratproxy. The proxy can be used in a chain with third-party security testing proxies, he said.
Ratproxy currently supports Linux, FreeBSD, MacOS X and Windows, and is available from Google Code.
Google has come under increasing pressure in recent months to tighten its security strategy. Last month StopBadware.org, a site sponsored by Google, found that Google itself was one of the top five networks hosting malicious web pages, largely due to the popularity among attackers of Google-owned networks such as Blogger. The other four top-five networks were based in China.
Google admitted recently that the number of drive-by download sites listed in its typical search results has increased significantly over the past year.
Source: ZDNet UK
All news for August, 2008
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year
DONATION: Keylogger.org is an independent research
project supported by a team of enthusiasts. If you find this
project useful or would like to help foster its continued
development please consider making a donation using PayPal`s
online secure payment service. A PayPal account is not required.
All major credit cards are accepted (MasterCard/Eurocard,
Visa/Delta/Electron, American Express, Switch/Maestro, Solo).
Simply click the button below.
Any amount would be useful and appreciated!
Thanks in advance for your support!
|
