Tuesday, November 4th, 2008 The Ruby on Rails Security Project have published a Ruby on Rails Security Guide as a free e-book and also made it available as HTML. The guide covers how to secure Ruby on Rails applications, looking at sessions and how to manage them securely, cross site forgery, redirection and other ...
Posted in Coding, Internet, Security, Software | No Comments
Wednesday, October 8th, 2008 While there are a number of security risks in the world of electronic commerce, SQL injection is one of the most common Web site attack techniques used to steal customer data such as credit card numbers, hold customer data hostage by encrypting it or destroy data outright. Where a Web server ...
Posted in Internet, Linux, Privacy, Security, Windows | No Comments
Tuesday, August 26th, 2008 Criticize the people behind the Asprox botnet, and they take it personal—so much so that they will bombard you with malware, according to a report by SecureWorks. The botnet, now at least 50,000-strong with bots, is sending out phishing e-mails posing as messages from banks in the United States and United ...
Posted in Internet, Privacy, Security | No Comments
Tuesday, July 29th, 2008 Cybercriminals increasingly are employing no-tech or low-tech techniques for making big money online -- no exploits or sophisticated hacker tools required. The techniques themselves aren’t new -- some have been around for nearly a decade. But the Web model has made these schemes that capitalize on so-called business logic flaws more ...
Posted in Internet, Privacy, Security | No Comments
Friday, July 18th, 2008 Clever mnemonics aside, last week we have seen another large scale SQL injection attack (or YAMSIA, if you prefer), this time being orchestrated by a botnet that has become known as Asprox—but first, a history lesson. The code behind the Asprox botnet seems to have been around for quite some time ...
Posted in Internet, Privacy, Security | No Comments