Tuesday, July 29th, 2008
Cybercriminals increasingly are employing no-tech or low-tech techniques for making big money online -- no exploits or sophisticated hacker tools required.The techniques themselves aren’t new -- some have been around for nearly a decade. But the Web model has made these schemes that capitalize on so-called business logic flaws more ...
Posted in Internet, Privacy, Security | No Comments
Friday, July 18th, 2008
Clever mnemonics aside, last week we have seen another large scale SQL injection attack (or YAMSIA, if you prefer), this time being orchestrated by a botnet that has become known as Asprox—but first, a history lesson.
The code behind the Asprox botnet seems to have been around for quite some time ...
Posted in Internet, Privacy, Security | No Comments
Friday, July 4th, 2008
Microsoft will release four security patches for its Windows, Exchange, and SQL products next Tuesday, all rated "important."The Exchange and SQL flaws are "Elevation of Privilege" bugs, meaning that an attacker could theoretically exploit them to get administrative access to a PC. One of the Windows flaws is labeled a ...
Posted in Internet, Security, Software, Windows | No Comments
Wednesday, July 2nd, 2008
SQL injection attacks are probably the most common way for hackers to strike Internet-facing SQL Server databases. No matter how secure your network is or how many firewalls you have in place, any application that uses dynamic SQL and allows for unchecked user input to be passed to the database ...
Posted in Internet, Privacy, Security, Software, Windows | No Comments
Tuesday, July 1st, 2008
Yesterday I wrote a quick proposal for the Synapse project. Since not everyone has access to the Synapse project, I will share some ideas here from time to time. I started with a proposal on how to detect Xpath vulnerabilities. Since Xpath can be used in combination with every server-side ...
Posted in Coding, Internet, Linux, Networking, Security | No Comments
Page 3 of 9«12345...»Last »
