New Flash Attack Has No Real ‘Fix’

Friday, November 13th, 2009

Researchers have discovered a new attack that exploits the way browsers operate with Adobe Flash -- and there's no simple patch for it. The attack can occur on Websites that accept user-generated content -- anything from Webmail to social networking sites. An attacker basically takes advantage of the fact that a ...

‘Ardilla’ Automatically Roots Out SQL Injection And XSS, Generates Attacks

Thursday, June 18th, 2009

Researchers have built a tool that automatically finds and exploits SQL injection and cross-site scripting vulnerabilities in Web applications. The so-called Ardilla tool uses a technique developed by the researchers -- MIT's Adam Kiezun, the University of Washington's Michael Ernst, Stanford's Philip Guo, and Syracuse University's Karthick Jayaraman -- that creates ...

Phrack Issue #66 – What You Were Waiting For

Thursday, June 11th, 2009

We have the great pleasure to release today another excellent selection of the best Hacking articles this year. An issue full of new exploitation techniques and ground work on writing attack software. This issue has some evil number.. with a lot of evil content. Phrack proves once more how we can, ...

Six Steps to Stop SQL Injections

Monday, June 8th, 2009

According to IBM ISS X-Force findings, SQL injections last year became the most common Web-based attack technique. Hackers are successful with these attacks largely due to poor coding practices. The following are six ways organizations can start to mitigate the risk from SQL injections. Slideshow: http://www.baselinemag.com/c/a/IT-Management/Six-Steps-to-Stop-SQL-Injections-129263/

Mass Injection Attack Affects 40,000 Websites

Tuesday, June 2nd, 2009

Researchers at Websense have discovered a mass injection attack that is redirecting Web browsers to a malware-bearing site. According to a weekend report by researchers at Websense, thousands of legitimate Web sites have been discovered to be injected with malicious JavaScript, obfuscated code that leads to an active exploit site. "The active ...