Palisade Magazine
 
Wireless Security - Cracking WEP

February 2007

Wireless Security - Cracking WEP

by Arvind Doraiswamy

In the last issue, we took an in-depth look at the internals of WEP. We saw how exactly WEP was used to encrypt a short block of plain text. This time we’ll look at WEP from the perspective of an adversary. What will an adversary see if he manages to capture a block of WEP encrypted data? What can he do with it? Can he use this data to compromise my network? These, among others are some of the questions that we’ll be addressing in the course of this article. Without further delay let’s see how an adversary goes about trying to crack WEP.… more →

ASP Session Cookies

by Jaideep Jha

Over the last few years of carrying out web application audits, we have observed in many ASP-based applications that cookie values do not change between unauthenticated pages and authenticated application areas. Since the user session is associated to the session cookie, if a malicious user gets hold of session cookie prior to user authentication, he can access the authenticated application area also. Classic ASP does not support any method to enforce the change of cookie value. Let’s look into some remedies in this article.… more →

QuizQuiz: Log file privileges

What sort of privilege on the log file does an application need to log transactions?

  1. Read, Write
  2. Read, Write, Append, Delete
  3. Write, Append
  4. Append

more →

On the blog recently

Past quizzes

  • Oct '04 : How can an application ensure that its pages are not cached or left on the client after a user has logged out?
  • Dec '06 : Your Internet Banking site is fully SSL enabled. Login-page, Account summary page and Fund transfer page are all HTTPS enabled. When you bank online - login, check your account summary and do a fund transfer, is SSL authentication and handshake happening separately for each page or is it one handshake for all the three pages?
  • Aug '04 : How should an application generate, store and dispatch non-HTML content to the user's browser?
  • Sep '04 : How should I protect the session cookie in my web application from getting stolen?
  • Dec '04 : What is the best approach to take while designing a cryptographic solution?

Search this website

 Search website

Stay Informed

Want to know when the new issues are out? Just fill in your details, we will take care of notifying you when new issues are released:




Subscribe  Unsubscribe

Write to Us

All flowers, brickbats and suggestions are welcome. You can put in yours on the feedback page.

News & Events

  • 03.03.10. Binu Thomas, CTO Plynt, presented at the RSA Conference 2010 on the topic “Application Security Across the Enterprise: Lessons from the Trenches”. This is the fifth time Paladion has been invited to present here.
  • 25.12.09. Plynt has been selected as a finalist for Red Herring’s Global 100 award, a prestigious list honoring the year’s most promising private technology ventures from around the world.
  • 10.12.09. Deloitte Fast 50 India features Paladion 4 years in a row. The ranking of the 50 fastest growing technology companies places Paladion in the 19th spot.
  • 21.05.09. ICICI Bank and Paladion Have Been Awarded the Best Banking Security Systems Project by the Asian Banker IT Implementation Awards Program
  • 20.04.09. Info Security Products Guide Names Plynt Certification Program Winner of the 2009 Tomorrow’s Technology Today Award