Vulnerabilities


New Version of OpenSSL Fixes Six Flaws

A new version of the OpenSSL package has been released, fixing six vulnerabilities, including a plaintext recovery attack on the DTLS implementation. There are two other cryptographic flaws fixed in OpenSSL 1.0.0f, and a few other less-serious problems.


At any given time, there are probably dozens of somewhat serious SQL injection attacks going on in various portions of the Internet. But many of them never get noticed by most people, either because they’re not widespread enough or they’re not hitting high-profile targets. There’s one that’s been ongoing for several weeks now that has hit a threshold that commands some attention: more than a million infected URLs.

A pair of researchers have identified a cross-site scripting vulnerability in WordPress 3.3; however, the bug is only reproducible on installations that were set up using an IP address rather than a domain name.

By Joe Basirico. While assessing software systems of all types, a few common mistakes regularly come up. These aren’t mistakes that lead directly to vulnerabilities, but mistakes in how some software companies think about security. They can lead to invalid assumptions, and ultimately they can allow real security vulnerabilities to slip through the cracks.

Shari Lawrence Pfleeger wrote the book on cyber security – or should we say “books.” The longtime researcher and expert has authored numerous textbooks on everything from software engineering, to the application of metrics in software development, to computer security. The head of research for the Institute for Information Infrastructure Protection (I3P) at Dartmouth College, Pfleeger says that many of the biggest challenges facing organizations in the realm of cyber security are social, and not technological.

UPDATED Microsoft on Thursday plans to release an emergency out-of-band update to address a vulnerability in ASP.NET that could allow an attacker to consume all of the resources on a vulnerable server with a single specially designed HTTP request. A wide range of Web platforms are vulnerable to this attack, and Microsoft officials said they’re releasing the patch now because they’re expecting exploit code to be released in the near future.

Just days after a successful attack on the security think tank Stratfor, Anonymous, the anarchic hacking collective, is getting headlines again for an attack on Specialforces.com, a Web site used by members of the armed forces, law enforcement officers and gun enthusiasts. However, an employee working for the online store said the group is playing the media by taking credit for a hack that happened months ago.