Jouko Pynnonen posted a message to the Full-Disclosure mailing list today, citing multiple "script injection" vulnerabilities within Facebook. I'm not sure if this is a surprise to anybody out there, it's certainly not to me, as numerous web applications have major problems with Cross-site Scripting vulnerabilities, but I think this is important to note due to the widespread use of Facebook.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
Kaspersky's most recent product launch of the Kaspersky Internet Security 2009, is featuring a virtual keyboard "a secure pop-up that enables logins, passwords, bank card details and other important personal information to be entered safely to prevent the theft of confidential information" aiming to protect users from keyloggers, and consequently provide a safer Ebanking experience.
The firewall is one of the few security tools that has been proven to be very effective at improving a company's security posture. However, staying on top of policies -- and responding to change requests -- while trying to manage multiple firewalls from different vendors can be a never-ending nightmare for IT admins.
A recently accepted legislation in Lithuania banning communist symbols across Lithuania, has prompted Pro-Russian hackers to start defacing Lithuanian sites, an indication of the upcoming attack was detected last week with active discussions around Russian forums greatly reminding us of the Russia vs Estonia cyberattack sparkled due to the removal of a Red Army memorial from the capital Tallinn.
Guest Editorial by Tiller BeauchampEarlier this month I had the opportunity to present RE:Trace at the Recon conference, a reverse engineering conference held every other year in Montreal, Canada. The conference consisted of three days of training and three days of talks in a single track.
Mozilla has shipped a high-priority update for Firefox 2, warning that there are at least five serious vulnerabilities that could lead to code execution attacks.With Firefox 2.
Researchers at Secunia have found a "highly critical" vulnerability that puts users of the cross-platform VLC Media Player at risk of remote code execution attacks.The vulnerability is confirmed in version 0.
OK, I'm not going to freak out about this too bad... I've already pointed out enough problems with PCI, but I did find it morbidly entertaining.
When Microsoft's Internet Explorer 8 hits the Beta 2 milestone in August, the browser makeover will feature a full-fledged anti-malware blocker and new protections against some forms of cross-site scripting attacks.The existing phishing filter IE 7 has been renamed SmartScreen Filter and will include blacklist-based blocking of known exploit sites.
The latest high trafficked web site to fall victim into the continuing waves of massive SQL injection attacks courtesy of copycats and the ASProx botnet, is Sony's PlayStation U.S site according to a recent post at SophosLabs's blog :"Researchers at IT security firm Sophos have warned lovers of video games that pages on the US-based Sony PlayStation website have been compromised by hackers.