Tuesday, June 24th, 2008
The MSRC released an advisory today that discusses the recent SQL injection attacks and announces three new tools to help identify and block these types of vulnerabilities. The advisory discusses the new tools, the purpose of each, and the way each complements the others. The goal of this blog post is ...
Posted in Coding, Internet, Security, Software | No Comments
Saturday, June 21st, 2008
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords ...
Posted in Internet, Linux, Networking, Privacy, Security, Software, Windows | No Comments
Wednesday, June 4th, 2008
Recently Arshan Dabirsiaghi, Director of Research of Aspect Security, published a white paper entitled “Bypassing URL Authentication and Authorization with HTTP Verb Tampering”. Initially there was a lot of confusion about what exactly was being explained or claimed, including: Is it real? Is it novel? Is it dangerous? What is ...
Posted in Coding, Internet, Privacy, Security | No Comments
Monday, April 28th, 2008
Microsoft has provided security advice to web developers using its products after many such sites were compromised. Last week, hundreds of thousands of web pages were infected with a malicious iframe which tries to infect visitors with a trojan. Many high profile sites including the United Nations (un.org), the UK ...
Posted in Internet, Security | No Comments
Thursday, April 24th, 2008
There's another round of mass SQL injections going on which has infected hundreds of thousands of websites.
Performing a Google search results in over 510,000 modified pages.
Posted in Coding, Internet, Security | No Comments
Monday, April 21st, 2008
In a security alert last week, Microsoft reported a vulnerability which allows local users and users signed on with access to an Internet Information Server (IIS) or MS SQL server to escalate their privileges. Server operators such as hosting providers who allow user code to be executed, for example on ...
Posted in Coding, Privacy, Security, Windows | No Comments
Tuesday, April 15th, 2008
Is your company's Web site hacked? Today, it can be hard to tell. Online crooks who successfully break into a site often sneak in small bits of code that leave no visible trace but can attack visitors who simply view the page.
In fact, according to a Websense Security Labs report, online thugs who want ...
Posted in Coding, Internet, Networking, Privacy, Security | No Comments
Tuesday, March 18th, 2008
Hot on the heels of a recent hack in which 10,000 sites were compromised, researchers have disclosed a new large-scale attack.
Researchers at McAfee estimated that the attack has been active for roughly one week, and in that time frame has managed to place itself on roughly 200,000 web pages.
Most of ...
Posted in Internet, Security | No Comments