Donald Sears

UN Site Has 3-Year-Old SQL Injection

Three years after the United Nations’ website was defaced by activist hackers using a SQL injection attack, the site still contains multiple instances of these vulnerabilities. Read the full article. [Dark Reading]

Survey Shows High Cloud Hacking Expectations

An in-depth survey carried out amongst 100 of those attending this year’s DEFCON conference revealed that an overwhelming 96 percent of the respondents said they believed the cloud would open up more hacking opportunities for them. Read the full article. [Help Net Security]

phpMyAdmin Closes Code Execution Holes

The phpMyAdmin developers have announced the release of versions 3.3.5.1 and 2.11.10.1 of their database administration tool, security updates that fix one critical and several serious vulnerabilities. Read the full article. [The H Security]


A conceptual problem in the memory management area of Linux allows local attackers to execute code at root level. The problem is caused by potential overlaps between the memory areas of the stack and shared memory segments, according to a report by Rafal Wojtczuk. Read the full article. [The H Security]

A hack attack that can expose users to malware exploits has infected more than 1 million webpages, at least two of which belong to Apple. The SQL injection attacks bombard the websites of legitimate companies with database commands that attempt to add hidden links that lead to malware exploits. Read the full article. [The Register]

It’s possible to craft a malicious website so that a user’s clicks are secretly redirected to a legitimate site in a way that steals a user’s passwords and other data. Many Web developers have added protections to block the tactic on standard websites, but Stanford University researchers warn that there are not nearly enough defenses against the technique on mobile websites. Read the full article. [Technology Review]

Penn State researchers managed to identify the pass code patterns on two Android smartphones (the HTC G1 and the HTC Nexus One) 68 percent of the time, using photographs taken under different lighting conditions and camera positions. Read the full article. [ZDNet]