Tuesday, July 29th, 2008
Cybercriminals increasingly are employing no-tech or low-tech techniques for making big money online -- no exploits or sophisticated hacker tools required.The techniques themselves aren’t new -- some have been around for nearly a decade. But the Web model has made these schemes that capitalize on so-called business logic flaws more ...
Posted in Internet, Privacy, Security | No Comments
Thursday, July 17th, 2008
Several Cross Site Scripting vulnerabilities were found in within Outlook Web Access (OWA) 2003/2007. An attacker can craft a malicious email which will trigger within a user's browser. Different version of OWA and different clients (Light and Premium) have different attack vectors which can result in an attacker gaining *persistent* ...
Posted in Internet, Security, Windows | No Comments
Tuesday, July 8th, 2008
I'm pretty excited by Opera's Userscripts that allow you to write Javascript files that are far richer than greasemonkey Userscripts -which is also supported by Opera- I've written a security plugin for Opera last night, that attempts to mitigate various Javascript attack vectors. But, one problem for writing a security ...
Posted in Coding, Internet, Privacy, Security | No Comments
Wednesday, July 2nd, 2008
Internet Explorer's getting a little bit safer. Microsoft Wednesday unveiled significant new security features that will be in the next version of the company's Web browser, Internet Explorer 8, currently in public beta testing.
From Microsoft's standpoint, any improvement in security is a plus, and the company seems to be taking ...
Posted in Coding, Internet, Privacy, Security, Windows | No Comments
Tuesday, July 1st, 2008
Our research team has identified a web-based attack technique that exploits the growing number of applications that require a web server being run on a local machine. Cross-Environment Hopping (CEH) is a result of this trend combined with the current limitations in browsers’ same-origin policy access restrictions.
The CEH technique enables ...
Posted in Coding, Internet, Networking, Privacy, Security | No Comments
Thursday, June 26th, 2008
Yahoo has fixed a vulnerability that could allow a hacker to get access to a person's webmail account.
The problem was in the way Yahoo's mail interacts with version 8.1.0.209 of its IM application, according to web application security company Cenzic.
Cenzic notified Yahoo of the problem in May, and the company ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Wednesday, June 18th, 2008
"HTML forms (i.e. <form>) are one of the features in HTTP that allows users to send data to HTTP servers. An often overlooked feature is that due to the nature of HTTP, the web browser has no way of identifying between an HTTP server and one that is not an ...
Posted in Coding, Internet, Privacy, Security | No Comments
Saturday, June 14th, 2008
Cross-Site Scripting (XSS) is an attack that's pretty basic to detect, pretty basic in execution, and you'd think that it would be rather simple to understand. Unfortunately this is apparently not the case. I won't go into the details of Cross-Site Scripting because others have beat that to death - ...
Posted in Coding, Internet, Privacy, Security | No Comments
Thursday, June 12th, 2008
The websites of three of the security industry's best-known companies include security flaws that could be used to launch scams against customers, according to a new report.
The report, from security watchdog site XSSed, verified 30 cross-site scripting (XSS) vulnerabilities across the sites of McAfee, Symantec and VeriSign. The flaws could ...
Posted in Coding, Internet, Privacy, Security | No Comments
Monday, June 9th, 2008
Should they all be trusted at first sight by unsuspecting online users? Yes, unfortunately this is the case with the websites of renowned and respected IT security companies. However, now that are all vulnerable to cross-site scripting, the possibilities to get phished and infected with malware and crimeware are dramatically ...
Posted in Coding, General BS, Internet, Privacy, Security | No Comments
