Browsing Category: Web Security

[img_assist|nid=6244|title=|desc=|link=none|align=right|width=90|height=90]Mozilla has been aware of the Firefox iFrame bug that came to light yesterday for more than two months now and the company’s engineers concluded early on in the process that the problem was a fairly minor one that was unlikely to cause the vast majority of users any confusion or be exploited by attackers.

Read more...

[img_assist|nid=6233|title=|desc=|link=none|align=right|width=100|height=100]A hack attack that can expose users to malware exploits has infected
more than 1 million webpages, at least two of which belong to Apple. The SQL injection attacks bombard the websites of legitimate
companies with database commands that attempt to add hidden links that
lead to malware exploits. Read the full article. [The Register]

Read more...

By Charlie Miller[img_assist|nid=3855|title=|desc=|link=none|align=left|width=100|height=100]I’m a security researcher.  I find bugs in software, they get fixed. I write exploits, they give me a shell. It’s more or less always the same and it gets kind of boring. But there was one exploit I helped write back in 2007 that was a little different. This is the story of that exploit.

Read more...

[img_assist|nid=6232|title=|desc=|link=none|align=right|width=100|height=100]It’s possible to craft a malicious website so that a user’s clicks are
secretly redirected to a legitimate site in a way that steals a user’s
passwords and other data. Many Web developers have added protections to
block the tactic on standard websites, but Stanford University
researchers warn that there are not nearly enough defenses against the
technique on mobile websites. Read the full article. [Technology Review]

Read more...