Playing the double agent

BlogSec is kicking off its security tips for bloggers category. It's really exciting to share with our readers the gems and pearls that many security professionals take for granted. Enjoy!

We start off with "the double agent", a really clever title (as you will see), if I do say so myself :)


Without boring you too much, a user-agent is defined as follows:

The program (such as a web browser) that the end user is using to access an identity provider or a relying party (i.e. Internet Explorer).

So next time you want to sound smart, ask your technical friend what user-agent they use!

Without further ado, the tip of the day: use two web browsers when working on your blog.

A number of web vulnerabilities rely on the fact that you are logged into your blog when you visit an attacker's "bad" website or follow a trackback. So instead of relying on one browser, why not log in to your blog with Internet Explorer, and then surf the Internet for resources with another browser like Firefox?

So next time you see a trackback while moderating your comments, don't be tempted to just click on the link; rather, copy and paste the link and visit it with an alternate web browser. Doing this will prevent more attacks than you know.
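The reasoning behind the tip, as an added example that is not code from the original post: a simplified in-memory model of a blog whose admin action is authorised by the session cookie alone, opened from the logged-in browser and from a second browser. The class and function names, `blog.example` and the credentials are assumptions made for the illustration.

```javascript
// Added illustration: an in-memory model, nothing touches the network.
// BlogServer, Browser, blog.example and the credentials are hypothetical/constructed.
// Simplification: no SameSite cookie rules or anti-CSRF tokens are modelled.
const BLOG = "https://blog.example";

class BlogServer {
  constructor() {
    this.sessions = new Set();
    this.tagline = "My blog";
  }
  login(user, password) {
    if (user !== "admin" || password !== "constructed-password") return null;
    const sid = "sid-" + (this.sessions.size + 1);
    this.sessions.add(sid);
    return sid;
  }
  // Admin action authorised by the session cookie alone: the server cannot
  // tell whether the blogger or some other page caused the request.
  changeTagline(cookies, value) {
    if (!this.sessions.has(cookies.session)) return 403;
    this.tagline = value;
    return 200;
  }
}

class Browser {
  constructor() { this.jar = {}; } // one cookie jar per browser: origin -> cookies
  logIn(server, user, password) {
    const sid = server.login(user, password);
    if (sid !== null) this.jar[BLOG] = { session: sid };
    return sid !== null;
  }
  // A visited page makes this browser send a request to the blog; the browser
  // attaches whatever cookies its own jar holds for the blog's origin.
  followLinkThatPostsToBlog(server, value) {
    return server.changeTagline(this.jar[BLOG] || {}, value);
  }
}

// Log in with one browser, then open an untrusted link in either the same
// browser or a second one that has never logged in.
function openUntrustedLink(useSecondBrowser) {
  const server = new BlogServer();
  const adminBrowser = new Browser();
  const surfBrowser = new Browser();
  adminBrowser.logIn(server, "admin", "constructed-password");
  const browser = useSecondBrowser ? surfBrowser : adminBrowser;
  const status = browser.followLinkThatPostsToBlog(server, "changed by another site");
  return { status, tagline: server.tagline };
}
```

In the model, the second browser's request is rejected because its cookie jar holds no session for the blog, which is the separation the tip relies on.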


Comments

What kind of vulnerabilities are exposed when you go from your blog admin into someone else's site?

imjuk, great question. The recent Feedburner Feed Hijacking vulnerability that BlogSec posted a few days ago, for one, and a lot more.

These types of vulnerabilities often require the user to be authenticated for them to work.

[...] a post titled "keeping the libwww-perl bots out" using mod_rewrite and blocking the HTTP_USER_AGENT to help prevent attacks; however, this will not [...]

Dear dk. My blog keeps coming under attack by a lamer. I have a database which is limited to 50000 connections. Is there any way I can stop this lamer? I'm not a pro at security and websites. My website is running on web hosting, so I can't do anything. Is there a way to block an IP from attacking the database by the connections he has? He always keeps attacking me in the morning; I change the password of my database, then the attacks stop.
