Comments on Jeremiah Grossman: Comcast.net hacker vows not break the third rule, again

Feed updated: 2024-02-08T03:44:23.780-08:00
Comments: 7

Anonymous (2008-06-03T19:08:00.001-07:00):
I like little bobby tables

Jeremiah Grossman (2008-06-03T19:08:00.000-07:00):
PCI requires you to check/vouch for the security of your online service providers. In this case it would have or should have included the domain registrar. This will continue to be an attractive target for hackers moving forward.

Unknown (2008-06-02T09:16:00.000-07:00):
I would like to know what Jeremiah thinks about this kind of hack.
Comcast wasn't hacked directly but through another domain. What if Comcast had to carry out PCI compliance? They would have probably passed it but they would still have been hackable through third party vulnerabilities. On domains not interested by a PCI compliance process. I wrote up my thinking about this here: http://www.hackerscenter.com/index.php?/Blogs/2137-Comcast-A-chain-is-only-as-strong.html

Jim Manico (2008-05-31T21:20:00.000-07:00):
The "Little Bobby Tables" comic, while humorous, provides somewhat incorrect advice.
Although "sanitizing database inputs" is on the right track - the better advice is to instruct the security-aware programmer to use parameterized queries with binding of all variables when building a query. "Sanitizing database inputs", which implies input validation, is not nearly enough to protect against SQL Injection.

Anonymous (2008-05-31T12:18:00.000-07:00):
Best quotes I have seen in quite some time. I wonder how many other people live on Dick Tard Lane.

Cyberlocksmith (2008-05-30T15:55:00.000-07:00):
Doesn't "Little Bobby Tables" (http://xkcd.com/327/) live at "69 Dick Tard Lane" (http://chicagoist.com/2008/05/30/comcast_hackers.php)?

Sorry, I could not resist. =)

Anonymous (2008-05-30T14:57:00.000-07:00):
Nothing worse than getting arrested and not looking good :)