Nov 16, 2007


Direct HTTP downloads file sites: the new P2P secret?

Well, every security administrator now days is blocking the P2P traffic in his organization.

but are the blocking HTTP downloads? No.

The file sharing community has shifted to a more fast and transparent approach by going back to the good old fashion Direct HTTP downloads.

Sites like rapidshare.com and megaupload.com are now giving the ability to upload everything to their servers - like a huge open file server on the Internet.

People are now uploading their favorites MP3s, movies, and cracked software to these server and posting the link to the file on their favorites FORUMS.

Some of them even upload those files with PASSWORD PROTECTION and they will publish the link+password to the registered FORUM members.

here are some of the major URLs/Domains you should consider blocking at your PROXY level in your organization:

*.rapidshare

*.megaupload

*.myfiles.co.il
*.israfiles

*.fileflyer

*.maxfiles

*.megshares.com
*.flyupload.com
*.file27.com
*.download-mirror.net

*.netload.in

*.myup.biz
*.w.eatlime.com
*.yastorage.com/

*.a2zuploads.com

*.badongo.com

*.mihd.net

*.uploaded.to
*.depositfiles

*.zshare.net

*.filefactory


--
\
\ (o>
(o> //
_(()__ _V_/_____
|| ||
|| tzvi.cooper

Posted by at No comments:

Feb 6, 2007

...Went to my first OWAP meeting!

The 6th OWASP IL meeting was held on January 24th 2007, at 17:15, at Breach Security offices in Herzelya and was sponsored by Breach Security. The meeting was very successful, with nearly 50 people attending the meeting.

Took me 5 minutes to understand that I’m out of my league :-)
Guess most of administrator who went to an OWASP meetings felt the same…
Still , it was exciting and refreshing compared to all those “right click “ meeting that I’ve seen before

3 presentations took place –you can download the here:
Source_Code_Analysis_and_Application_Security

WCF_Security
XSS_PDF_Vulnerability.pdf

They were talking about:
1. New tools to automate security checking before a single line of code executed.
2. some Microsoft new cross platform communication suite –(refers to the .NET 3)
3. a new and very easy PFD XSS on the web
Posted by at No comments:
Labels:

OWAP TRANSLATION

הי
owap
אני עובד כעת על תרגום "שאלות נפוצות " מאתר
Posted by at No comments:
Subscribe to: Posts (Atom)