Conventional wisdom has it that Microsoft’s Internet Explorer Web browser is on the way out: succumbing to the death of a thousand cuts administered by plucky rivals like Mozilla’s Firefox, Google’s Chrome and even Opera.
Browsing Category: Web Security
Hacked smartphones could endanger troops by sending location data to the enemy using mechanisms similar to those employed by recently discovered Android malware, experts say. Read the full article. [Network World]
Mozilla has been aware of the Firefox iFrame bug that came to light yesterday for more than two months now and the company’s engineers concluded early on in the process that the problem was a fairly minor one that was unlikely to cause the vast majority of users any confusion or be exploited by attackers.
In this video from the OWASP AppSec Research conference in Sweden, security researcher Ivan Ristic of Qualys discusses practical methods for breaking SSL.
A hack attack that can expose users to malware exploits has infected more than 1 million webpages, at least two of which belong to Apple. The SQL injection attacks bombard the websites of legitimate companies with database commands that attempt to add hidden links that lead to malware exploits. Read the full article. [The Register]
By Charlie Miller
I’m a security researcher. I find bugs in software, they get fixed. I write exploits, they give me a shell. It’s more or less always the same and it gets kind of boring. But there was one exploit I helped write back in 2007 that was a little different. This is the story of that exploit.
It’s possible to craft a malicious website so that a user’s clicks are secretly redirected to a legitimate site in a way that steals a user’s passwords and other data. Many Web developers have added protections to block the tactic on standard websites, but Stanford University researchers warn that there are not nearly enough defenses against the technique on mobile websites. Read the full article. [Technology Review]
The drumbeat for more secure application development picked up pace on Tuesday, with news that software giant HP had acquired privately funded Fortify Software, a maker of static code analysis tools, for an undisclosed amount.
Penn State researchers managed to identify the pass code patterns on two Android smartphones (the HTC G1 and the HTC Nexus One), 68 percent of the time using photographs taken under different lighting conditions and camera positions. Read the full article. [ZDNet]
In this video from the OWASP AppSec Research 2010 conference in Sweden, Michael Schrank, Bastian Braun and Martin Johns discuss the problem of session fixation and what can be done to solve it.