PayPal fixed an XSS vulnerability today that drew some attention. Harry Sintonen reported an XSS vulnerability in the "safe" area of the PayPal application.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
Add the popular Foxit Reader to the list of desktop software applications to be patched as a matter of priority.According to vulnerability research outfit Secunia, there's a "highly critical" vulnerability in the alternative PDF reader software that can be exploited by malicious hackers to take complete control of a target system.
The Google-backed StopBadware.org coalition has called on Apple to rethink its stance on whether the Safari "carpet bomb" issue reported by Nitesh Dhanjani constitutes a serious security risk.
Yesterday, Ferruh Mavituna of Portcullis released a whitepaper entitled "DoS Attacks Using SQL Wildcards", with some insightful comments on how it's possible to multiply the attack tactics discussed to the point where not even a botnet would be needed to successfully accomplish them.Summary of the paper :This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers.
Whenever the risks from the inside threat are discussed, it's usually about the disgruntled/malicious employee within the firewall abusing permissions to steal data or plant malware in sensitive parts of the network.But, there's an insider on the outside that's often forgotten -- the ex-employee with access to user accounts (and default settings) that remain active after he/she has left the company.
The Storm Worm malware is back in the game, with its most recent campaign currently active and trying to entice users into executing iloveyou.exe by spamming them with links to already infected hosts acting as web servers, next to SQL injecting malicious domains into legitimate sites for the campaign to scale faster.
I'm becoming a contributor on Zero Day to let the experts handle our security blog.As you may have noticed, Ryan Naraine has returned to Zero Day creating what I consider a security dream team.
CNET News.com's Martin LaMonica recently stumbled upon on an information disclosure vulnerability in Zoho Writer, the browser-based word processing software popular among Web 2.
The botnet masters behind the Asprox botnet have recently started SQL injecting fast-fluxed malicious domains in order to enjoy a decent tactical advantage in an attempt to increase the survivability of the malicious campaign. I first assessed the Asprox botnet in January, and again in April when it started scaling and diversifying its campaigns from fake Windows updates, to fake Yahoo ecards, as well as executable news items.
Irony at its best. It appears that Redmond - The Independent Voice of the Microsoft IT Community, formerly known as Microsoft Certified Professional Magazine is currently flagged as a badware site, and third-party exploit detection tools are also detecting internal pages as exploit hosting ones, in this particular case Mal/Badsrc-A.