Browsing Category: Web Security
Sir Tim Berners-Lee, the creator of the worldwide web, has revealed how he fell victim to online fraudsters while trying to buy a gift over the internet.
The SANS Internet Storm Center has a fascinating look [isc.sans.org] today at a recent incident in which a Web server was compromised through the use of a remote Web application flaw. The attack might have stopped there, but a series of cascading failures led to further problems and damage. It’s a classic boy-meets-server, boy-0wns-server tale.
The Anti-Phishing Working Group (APWG) hasdeveloped a way for police and other organizations to report e-crimes in a common data format readable by a Web browser or other application, according to a report by Jeremy Kirk [CIO.com].
By Christian Heinrich
The second Open Web Application Security Project (OWASP) Conference held on the Gold Coast is regarded as the leading Web Application Security conference within the Asia Pacific region attracting both Australian and overseas speakers and attendees.
The conference continued its community atmosphere with open discussions and sharing of ideas on Web Application Security during the various social events each night including a gala dinner.
Microsoft’s research unit is investing resources in a new Web browser that could eventually signal a shift away from the ubiquitous Internet Explorer.
According to a research paper released this week, the project is called Gazelle and is positioned as a secure web browser constructed as a multi-principal operating system.
Facebook and other social networks can be downright unfriendly when it comes to scam attempts. PC World’s JR Raphael has put together five attack scenarios and information on how to protect yourself and your Facebook friends.
Over at Microsoft’s MSDN magazine, there’s a really interesting article by Bryan Sullivan suggesting a defense-in-depth strategy to protect Web sites and applications from cross-site scripting (XSS) and cross-site request forgery (XSRF) attacks.
Attention GMail and GTalk users: There’s a major spam run underway with social engineering lures to steal your login cretentials.
This image shows a GMail message that purports to be an account termination warning from Google but, if a user is tricked into clicking on the link, he/she is redirected to a fake GMail page requesting the login credentials.
After years of lagging behind on important security features, Apple has finally added a malware-blocker, a phishing filter and support for EV (extended validation) certificates into the latest refresh of its Safari Web browser.
The malware roadblock headlines a list of Safari 4 security features that also includes cookie blocking, private browsing, secure encryption, safe downloads and parental controls.