Browsing Category: Web Security

From DarkReading (Kelly Jackson Higgins)
The cleanup cost for fixing a bug in a homegrown Web application ranges anywhere from $400 to $4,000 to repair, depending on the vulnerability and the way it’s fixed.
Security experts traditionally have been hesitant to calculate the actual cost associated with bug fixes because there are so many variables, including the severity of the vulnerability, differences in man-hour rates, and the makeup of the actual fix. Read the full story [darkreading.com]


SQL injection attacks have become the most reliable way for hackers to gain access to valuable data on back-end systems, with many high-profile Web sites falling victim to the technique over the last couple of years. The attacks themselves are fairly straightforward, but the results can be devastating, as this explanation of SQL injection from IBM ISS’s X-Force shows.


From ZDNet (Dancho Danchev)
A newly discovered email worm dubbed OSX/Tored-A once again puts the spotlight on the potential worm-ability, and malware spreading tactics targeting Apple’s OS X.
The worm propagates through emails harvested from infected hosts, and has a backdoor functionality allowing its author to perform the following actions if a successful remote connection is established – attempts to create a botnet, has keylogging functionality, and can also perform DDoS attacks as well as send spam. Read the full story [zdnet.com]


The automatic update is one of the more useful tools ever invented by software developers. Click a couple of buttons and you never have to worry about checking for new security updates again–it happens automagically! But it’s also one of the more frustrating and intrusive mechanisms we’ve seen in recent years, thanks to the tendency of vendors to abuse its power and smush in a bunch of extra applications and add-ons that users may have little use or desire for.


From CIO (C.G. Lynch)

As more workers spend a greater part of their days on social networks like Facebook and Twitter, hackers have turned their energies toward spreading their malware across those services, harming workstations and company networks.

That’s the contention of a recent report measuring Web 2.0-targeted hacks that occurred in the first quarter of this year and was conducted by the Secure Enterprise 2.0 Forum, an industry group aimed at enabling the safe use of social media in the workplace. Read the full story [cio.com]


After a two year absence, IBM X-Force is reporting [iss.net] a significant spike in image-based spam.
“Since March 20th, we have been witnessing a rebirth of image-based spam. At first, we saw a small trial of image-based spam, reaching 5-10%. Then, in late April, we saw another blast (this time a much bigger effort) reaching 15-22% of all spam,” according to researchers Ralf Iffert and Holly Stewart.


From The H Security
Updating browsers without first asking users is apparently the most successful way of ensuring wide distribution for the latest version – thus minimising the number of vulnerable browsers. A joint study [techzoom.net] by Google Switzerland and the ETH (Swiss Federal Institute of Technology) in Zurich concludes that, if an update requires too much user interaction or effort, users will either abort the process or fail even to run it. Read the full story [h-online.com]


From ZDNet (Dancho Danchev)
Yesterday, a French hacker claimed to have gained access to Twitter’s administration panel, and based on the screen shots that he included featuring internal data [zataz.com] for accounts belonging to U.S. President Barack Obama, Britney Spears, Ashton Kutcher, and Lily Allen, as well as a detailed overview of different sections behind the scenes of Twitter, his claims [mashable.com] seem pretty legitimate. Read the full story [zdnet.com].
