Bonjour!
This blog is about web technologies and games with a focus on performance and security
February 2016

Big data weaponization and malware-based espionage are usually associated with governments; however, they don’t own a monopoly on such activities. Also, online poker uses big data to profile user behavior. Players search for fish (bad players) and they use malware to spy on and rip off infected players at the (online) poker table. This blog post is a brief tour of some of the darkest aspects of online poker.

January 2016

This post summarizes which equipment the FBI uses to seize the content of servers and laptops even though many of them use full disk encryption, and which defenses exist.

January 2016

This post looks at how an attacker can intercept and read emails sent from one email provider to another by performing a DNS MX record hijacking attack. While our research on the state of email delivery security indicates that this attack is less pervasive than the TLS downgrade attack discussed in a previous post, it is equally effective at defeating email in-transit encryption. This post explains how this attack works, how it can be mitigated and to what extent it also affects the security of a website.

January 2016

Follow these ten easy steps to improve your online security and privacy quickly.

December 2015

Over the last two years, the number of encrypted emails received by Gmail has almost doubled, as I reported earlier on the Google security blog. This very encouraging trend is sadly accompanied by an increase in SMTP TLS downgrade attacks, which prevent encryption of emails in transit, as discussed in our research paper on the state of email transport security. This blog post explains how such an attack is performed and why there is no simple “patch” for it.

Phishing is a social-engineering attack where the attacker entices victims to give up their credentials for a given website by impersonating it. Believe it or not, phishing campaigns are well organized and follow a very strict playbook. This post aims to shed some light on how phishing campaigns work under the hood, showcase which infrastructure phishers use to steal users' credentials, and provide advice on how to defend against them.

May 2015

To help Hearthstone players keep track of complex effect outcomes and improve their game play, I created a set of cheat sheets. Each cheat sheet provides detailed statistics for a given card that triggers a complex effect, such as the Piloted Shredder's “summon a 2-mana cost minion.”

April 2015

To celebrate the new Hearthstone extension, Blackrock Mountain, I’m releasing a Hearthstone 3D card viewer written in pure JavaScript. I feel Blackrock Mountain’s release is the perfect opportunity to showcase HTML5’s top-notch performance and inspire more people to do cool visualizations on the web. With well over 500 cards, it’s high time to create a tool with powerful filtering and attractive visualization to explore the cards in an interesting fashion that works on both desktops and tablets. Hope you like it :)

April 2015

19.5% of HTTPS-enabled sites in Alexa's Top 1 Million trigger or will soon trigger a Chrome security warning because they are using the now deprecated SHA-1 signature algorithm to sign their HTTPS certificate. Soon those sites will be flagged by all major browsers as insecure.

September 2014

I am a legend: Hacking Hearthstone with machine learning Defcon talk wrap-up: video and slides available but no tool. Here is why: The video and slides of our talk on how to use machine learning for Hearthstone are finally available for those who couldn’t come to Defcon. In our talk, Celine and I show how […]

Elie Bursztein © 2016