Microsoft Unveils New Internet Explorer Security Features

Wednesday, July 2nd, 2008

Internet Explorer's getting a little bit safer. Microsoft Wednesday unveiled significant new security features that will be in the next version of the company's Web browser, Internet Explorer 8, currently in public beta testing. From Microsoft's standpoint, any improvement in security is a plus, and the company seems to be taking ...

Zero-day flaw haunts Internet Explorer

Thursday, June 26th, 2008

An unpatched cross-domain vulnerability in Microsoft’s flagship Internet Explorer browser could expose Windows users to cookie hijacks and credentials theft attacks, according to a warning from security researchers. The zero-day flaw, which has been reported to Microsoft, is a variation of Eduardo Vela’s IE Ghost Busters talk: Do you believe in ghosts? ...

Major security sites hit by XSS bugs

Thursday, June 12th, 2008

The websites of three of the security industry's best-known companies include security flaws that could be used to launch scams against customers, according to a new report. The report, from security watchdog site XSSed, verified 30 cross-site scripting (XSS) vulnerabilities across the sites of McAfee, Symantec and VeriSign. The flaws could ...

XSS Methods Also Seen Being Used in Mass Compromises

Sunday, June 1st, 2008

XSS (Cross-Site Scripting) Very Much Alive and Kicking We were about to investigate further on malicious activities related to banner82(dot)com/b.js but the URL was already inaccessible around Tuesday. Soon enough the malicious script in www(dot)adw95(dot)com caught our interest. A rough survey of the sites compromised by this script reveal that the ...

Firefox developers tinker with new security protections

Tuesday, May 20th, 2008

Developers of the Firefox browser are designing new technologies aimed at protecting users from some of the nastiest and most prevalent forms of website attacks. One protection is designed to minimize end users' risk to cross-site scripting (XSS) attacks and cross-site request forgeries (CSRFs), both of which subvert basic internet security ...

ZoneAlarm ForceField - Virtualized Browser Security

Monday, May 12th, 2008

ZoneAlarm ForceField provides a protective layer around your browser, shielding you from drive-by downloads, browser exploits, phishing attempts, spyware and keyloggers. So your passwords, your confidential information, and your financial data remain protected. While traditional security, such as firewalls, antivirus, and security suites, protects your PC, ZoneAlarm ForceField protects your browser ...

WordPress PHP Code Execution and Cross-Site Scripting

Monday, April 28th, 2008

Two vulnerabilities have been reported in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and to compromise a vulnerable system. 1) A vulnerability is caused due to improper access restriction of the administration section. This can be exploited to bypass the authentication ...

WordPress 2.5 Cookie Forging Explained

Saturday, April 26th, 2008

WordPress 2.5.1 came out recently. It includes a critical security fix for a cookie integrity bug that would allow an attacker to impersonate other users, including WordPress admins, by manipulating the contents of an HTTP cookie. Whenever I read about a vulnerability predicated on the user identity being embedded ...

Create a mirror of a website with Wget

Wednesday, April 23rd, 2008

GNU’s wget command line program for downloading is very popular, and not without reason. While you can use it simply to retrieve a single file from a server, it is much more powerful than that and offers many more features. One of the more advanced features in wget is the mirror ...

The Snare Of Unauthorized Requests

Monday, April 21st, 2008

Almost everyone knows what CSRF or better unauthorized requests are. I never really embraced CSRF as the correct term for unauthorized request issues, because the term is outdated and inadequate to contemporary hacking. For me, an unauthorized request is the layer or automation of a hacking procedure without direct interference ...