Browsing Category: Web Security

Hackers can exploit a flaw in Adobe’s Flash to compromise nearly every Web site that allows users to upload content, including Google’s Gmail, then launch silent attacks on visitors to those sites, security researchers said today. Adobe did not dispute the researchers’ claims, but said that Web designers and administrators have a responsibility to craft their applications and sites to prevent such attacks. Read the full article. [Computerworld] Read the research. [Foreground Security]

WASHINGTON – There has been a big push in recent years in the security community toward metrics, and measurements of all types have become a hot topic in certain corners of the industry. But measurement for measurement’s sake is useless, and perhaps even counterproductive, if the security team in an organization doesn’t define its goals and parameters ahead of time, experts say.

A researcher is working on tools for penetration testers that are a first step toward ultimately integrating and correlating data among different types of penetration-testing products. Josh Abraham, a.k.a. “Jabra,” will release some proof-of-concept tools at the OWASP AppSec Conference in Washington, D.C., that let pen testers integrate data they gather in their white-hat hacking projects. Read the full article. [Dark Reading]

Categories: Malware, Web Security

By Vitaly Kamluk

We’ve been looking at the infrastructure of the Gumblar malware and found some curious facts on how Gumblar operates which we would like to share to make hosting owners aware of the Gumblar threat. Analysis of some infected websites showed that the only way to inject the infection of Gumblar was by using FTP access, because those websites have no server-side scripting. Later this was proved by an analysis of FTP log files.

The security glitch, which is linked to a “cash back” system operated by Bing, potentially leaves users and retailers exposed to fake transactions. But despite an outcry online over the existence of the loophole, the world’s largest company has responded to the issue by threatening legal action against the man who discovered the problem. First launched last year, before Microsoft rebranded its search website, the affiliate scheme offers users the chance to earn money back for every product they buy through the service. Read the full article. [guardian.co.uk]

Almost 80% of more than 3,000 software security flaws publicly reported so far this year have been in Web technologies such as Web servers, applications, plugins and Web browsers. That number is about 10% higher than the number of flaws reported in the same period last year — and nine out of 10 of the flaws were found in commercial code. Read the full article. [Computerworld]

Categories: Web Security

Human error is to blame for the accidental exposure last week of more than 4,500 Chaminade University students’ Social Security numbers on the private Catholic college’s official Web site. University officials discovered the snafu Wednesday and quickly removed the obscure but accessible links from the Web site. The students’ Social Security numbers were exposed for about eight months, according to a statement released by the Honolulu-based university. Read the full article. [internetnews.com]

Categories: Web Security

As of this morning, an anonymous group hijacked more than 200 Facebook groups and renamed them “Control Your Info”. Pasted on each group’s Wall was a message announcing that it had been “hijacked” and reminding members to be careful about controlling personal information on social networking sites. “This means we control a certain part of the information about you on Facebook. If we wanted we could make you appear in a bad way which could damage your image,” the message said. Read the full article. [Computerworld]

Microsoft’s Computer Online Forensic Evidence Extractor (COFEE) has made it into the hands of pirates, and their virtual ships are distributing it. The COFEE application lets officers grab data from password-protected or encrypted sources. That means you can now break the law twice over: download the software and then use it to steal information from other people’s computers.

Categories: Web Security

Microsoft will release on Tuesday guidelines for developers building online applications and for those using the Agile code-development process. The Agile guidelines apply principles from Microsoft’s Security Development Lifecycle (SDL) to Agile, an umbrella term for a development model frequently used for Web-based applications released under short deadlines, called “sprints.” Read the full article. [Computerworld]
