Web Security


Free Service Targets XSS Bugs in Java Apps

Cross-site scripting bugs have been a major problem for Web site operators for years now, and while their causes and their solutions are both well understood, they’re still quite pervasive. But a new free service is aiming to help site owners avoid the serious compromises that can follow an attack on an XSS flaw.

DHS: $40m To Research Next Big Thing in Cyber Security

The U.S. Department of Homeland Security issued a call for proposals this week in a $40m program to encourage research and development in a wide range of topics related to cyber security: from designing more resilient software, to alternatives to passwords and CAPTCHA technology to prevent automated attacks.


Microsoft is warning its users about a dangerous flaw in the way that Windows handles certain MHTML operations, which could allow an attacker to run code on vulnerable machines. The bug affects all of the current versions of Windows, from XP up through Windows 7 and Windows Server 2008.

The recent rash of attacks against free and open source software projects continued this week with an attack that targeted SourceForge, the popular repository for open source projects. The attack compromised a number of separate systems, including the site’s CVS system.

The last year has seen a string of takedowns of botnet command-and-control servers, malware drop zones, spam operations and other pieces of the crimeware infrastructure, each of which made a dent in one way or another. But the question of whether the takedowns have had any lasting effect on the overall level of crime and fraud online is a more complicated one.
