Massive IFRAME SEO Poisoning Attack Continuing

Friday, March 28th, 2008

Last week's massive IFRAME injection attack is slowly turning into a what looks like a large scale web application vulnerabilities audit of high profile sites. Following the timely news coverage, Symantec's rating for the attack as medium risk, StopBadware commenting on XP Antivirus 2008, and US-CERT issuing a warning about ...

SQL query injection for dummies

Friday, March 28th, 2008

The purpose of this article is to help people without advanced computer knowledge to start white hacking and learn how to write more secure login web pages. When I started to learn about security, even though I searched really hard, I did not manage to find articles that would tell ...

Guarding the guardians: A story of PGP key ring theft

Thursday, March 27th, 2008

A couple of weeks ago, we received a CHM, or Windows Help file, embedded in e-mail as part of a targeted attack campaign against an NGO. Virus detection was near zero. On Virustotal.com, two solutions actually flagged it as malicious. After decompiling the CHM file, which you can easily do using tools ...

Opera now passes the ACID3 test

Thursday, March 27th, 2008

I have a quick update on where we are with Acid3.  Since the test was officially announced recently, our Core developers have been hard at work fixing bugs and adding the missing standards support.  Today we reached a 100% pass rate for the first time! There are some remaining issues ...

Firefox Web Application Testing Tools

Monday, March 24th, 2008

Exploit-Me is a suite of Firefox web application security testing tools. Exploit-Me tools are designed to be lightweight and easy to use. Instead of using a proxy like many web application testing tools, Exploit-Me integrates directly with Firefox. It currently consists of two tools, one for XSS and one for ...