Project Honeypot HTTP Blocklist Module

December 29, 2010 Added by: Rob Fuller

Project Honeypot does an amazing job at keeping detailed information on scanners / harvesters and brute forcers, the likes of which are the daily enemy of said admins. They offer a service called HTTP Block List or 'HTTP:BL'...

Comments  (0)


Protecting Against Firesheep with Strict Transport Security

December 27, 2010 Added by: Bozidar Spirovski

Remember, this only protects you against sites that are either already using STS or sites that you have manually added. This really isn't a scalable approach since could be vulnerable and you wouldn't know unless you inspected the traffic going back and forth...

Comments  (0)


Unpatched Internet Explorer Flaw Leaves PCs Vulnerable

December 27, 2010 Added by: Headlines

The flaw is present in IE versions 6 through 8, and will allow the injection of malicious code if a user visits websites designed to exploit the vulnerability by exploiting how the browser controls a computer's memory when processing the instructions for the presentation of a webpage, the CSS...

Comments  (0)


Four-Hundred Plus Reasons for a Website Security Scan

December 16, 2010 Added by: Jason Remillard

We all struggle sometimes to document the myriad effects and risks of web hacking, spamming and SEO results theft. As with anything sometimes it takes someone else's eyes to review the situation and perhaps put better phraseology to it...

Comments  (0)


Why There Are No More Internal Applications

December 15, 2010 Added by: Rafal Los

That architects would score internal applications as low-risk automatically on the basis of being accessible only by people inside the corporate firewall made real security purists cry. But now there is a good chance these highly publicized developments may change hearts and minds...

Comments  (1)


Cross-Site Scripting and Criminal Hacks

December 14, 2010 Added by: Robert Siciliano

JavaScript is everywhere, making the Internet pretty and most websites user friendly. Unfortunately, hackers have learned to manipulate this ubiquitous technology. Java can be used to launch a cross-site scripting attack, leveraging a vulnerability found in applications that incorporate Java...

Comments  (1)


The Misconceptions of Sidejacking with Firesheep

December 12, 2010 Added by: Stefan Fouant

Recent activity around a new Firefox extension developed by a pair of researchers brings the issue of session hijacking front and center. Firesheep essentially enables an attacker to grab other people's credentials and use them to gain access to various web sites...

Comments  (0)


Is Your VOIP Secure?

December 07, 2010 Added by: Simon Heron

VOIP has tremendous benefits for business users – which include cost savings and greater productivity – but like anything else it comes with associated security risks for the corporate network, and these risks must be identified prior to VOIP being rolled out...

Comments  (0)


Browser Flaw Allows Website History Sniffing

December 06, 2010 Added by: Headlines

Researchers have discovered a vulnerability that allows harvesting of the browser histories for Firefox and Internet Explorer users. The flaw lets websites that contain some simple code see what websites visitors have been to, and enables detailed profiling of users' web habits...

Comments  (0)


Preventing XSS with a Content Security Policy

November 22, 2010 Added by: Bozidar Spirovski

Although an individual XSS can easily be addressed, the overall cat and mouse game of effectively ridding an application of XSS can be very difficult. To combat this problem a new security feature, Content Security Policy, has been introduced into the Mozilla Firefox browser...

Comments  (0)


Alert: New OpenSSL Vulnerability

November 18, 2010 Added by: Brent Huston

A new security issue in OpenSSL should be on the radar of your security team. Stunnel and Apache are NOT affected, many other packages appear to be. The issue allows denial of service and possibly remote code execution. Patches for OpenSSL and packages that use it are starting to roll in...

Comments  (0)


Using ProFTPd for Core Processing Anywhere?

November 11, 2010 Added by: Brent Huston

If so, you might want to pay attention to this announcement of a critical remote vulnerability in the daemon. A patch is now available and should be applied quickly if you have core processes using this application. You can read the entire alert here...

Comments  (0)


Five Ways Identities Are Stolen Online

October 22, 2010 Added by: Robert Siciliano

Cybercrime has become a trillion dollar issue. In a recent survey, hundreds of companies around the world estimated that they had lost a combined $4.6 billion in intellectual property as a result of data breaches, and spent approximately $600 million repairing the damage. Based on these numbers, McAfee projects that companies lost more than a trillion dollars in the last year.

Comments  (1)


Seminar to Feature ISECOM's OSSTMM v3

October 13, 2010 Added by: Anthony M. Freed

The OSSTMM is a peer-reviewed methodology for performing security tests and metrics divided into five channels: information and data controls, fraud and social engineering, computer and telecommunications networks, wireless devices, physical security access controls, and security processes...

Comments  (1)


There is No Incentive to End Security Apathy

October 11, 2010 Added by: Andy Willingham

I’m all for protecting people's accounts no matter what type they are. After all I am in Information Security for a reason. The problem is that protecting accounts requires the user to want to protect it. We can’t continue to hold their hands and fix all of their problems for them...

Comments  (1)


Domain Name System and Cyber Security Vulnerability

October 11, 2010 Added by: Jon Stout

The original design of the Domain Name System did not include robust security features; it was designed to be a scalable and open distributed system with backwards compatibility, and attempts to add security were rudimentary and did not keep pace with malicious hackers...

Comments  (0)
