Vulnerabilities


Java Applet Distributes Trojan via Downloader Injection

December 31, 2010 Added by:Headlines

More than two-thousand weblinks direct users to domains that can inject malicious code by way of a Java downloader applet. The code is contained in the HTML of the infected sites, and infects the visitor's computers with a hidden iFrame containing a JavaScript function...


Project Honeypot HTTP Blocklist Module

December 29, 2010 Added by:Rob Fuller

Project Honeypot does an amazing job at keeping detailed information on scanners / harvesters and brute forcers, the likes of which are the daily enemy of said admins. They offer a service called HTTP Block List or 'HTTP:BL'...


Protecting Against Firesheep with Strict Transport Security

December 27, 2010 Added by:Bozidar Spirovski

Remember, this only protects you against sites that are either already using STS or sites that you have manually added. This really isn't a scalable approach since xyz.com could be vulnerable and you wouldn't know unless you inspected the traffic going back and forth...


Unpatched Internet Explorer Flaw Leaves PCs Vulnerable

December 27, 2010 Added by:Headlines

The flaw is present in IE versions 6 through 8, and will allow the injection of malicious code if a user visits websites designed to exploit the vulnerability by exploiting how the browser controls a computer's memory when processing the instructions for the presentation of a webpage, the CSS...


Four-Hundred Plus Reasons for a Website Security Scan

December 16, 2010 Added by:Jason Remillard

We all struggle sometimes to document the myriad effects and risks of web hacking, spamming and SEO results theft. As with anything sometimes it takes someone else's eyes to review the situation and perhaps put better phraseology to it...


Why There Are No More Internal Applications

December 15, 2010 Added by:Rafal Los

That architects would score internal applications as low-risk automatically on the basis of being accessible only by people inside the corporate firewall made real security purists cry. But now there is a good chance these highly publicized developments may change hearts and minds...


Cross-Site Scripting and Criminal Hacks

December 14, 2010 Added by:Robert Siciliano

JavaScript is everywhere, making the Internet pretty and most websites user friendly. Unfortunately, hackers have learned to manipulate this ubiquitous technology. Java can be used to launch a cross-site scripting attack, leveraging a vulnerability found in applications that incorporate Java...


The Misconceptions of Sidejacking with Firesheep

December 12, 2010 Added by:Stefan Fouant

Recent activity around a new Firefox extension developed by a pair of researchers brings the issue of session hijacking front and center. Firesheep essentially enables an attacker to grab other people's credentials and use them to gain access to various web sites...


Is Your VOIP Secure?

December 07, 2010 Added by:Simon Heron

VOIP has tremendous benefits for business users – which include cost savings and greater productivity – but like anything else it comes with associated security risks for the corporate network, and these risks must be identified prior to VOIP being rolled out...


Browser Flaw Allows Website History Sniffing

December 06, 2010 Added by:Headlines

Researchers have discovered a vulnerability that allows harvesting of the browser histories for Firefox and Internet Explorer users. The flaw lets websites that contain some simple code see what websites visitors have been to, and enables detailed profiling of users' web habits...


Preventing XSS with a Content Security Policy

November 22, 2010 Added by:Bozidar Spirovski

Although an individual XSS can easily be addressed, the overall cat and mouse game of effectively ridding an application of XSS can be very difficult. To combat this problem a new security feature, Content Security Policy, has been introduced into the Mozilla Firefox browser...


Alert: New OpenSSL Vulnerability

November 18, 2010 Added by:Brent Huston

A new security issue in OpenSSL should be on the radar of your security team. Stunnel and Apache are NOT affected, many other packages appear to be. The issue allows denial of service and possibly remote code execution. Patches for OpenSSL and packages that use it are starting to roll in...


Using ProFTPd for Core Processing Anywhere?

November 11, 2010 Added by:Brent Huston

If so, you might want to pay attention to this announcement of a critical remote vulnerability in the daemon. A patch is now available and should be applied quickly if you have core processes using this application. You can read the entire alert here...


Five Ways Identities Are Stolen Online

October 22, 2010 Added by:Robert Siciliano

Cybercrime has become a trillion dollar issue. In a recent survey, hundreds of companies around the world estimated that they had lost a combined $4.6 billion in intellectual property as a result of data breaches, and spent approximately $600 million repairing the damage. Based on these numbers, McAfee projects that companies lost more than a trillion dollars in the last year.


Seminar to Feature ISECOM's OSSTMM v3

October 13, 2010 Added by:Anthony M. Freed

The OSSTMM is a peer-reviewed methodology for performing security tests and metrics divided into five channels: information and data controls, fraud and social engineering, computer and telecommunications networks, wireless devices, physical security access controls, and security processes...


There is No Incentive to End Security Apathy

October 11, 2010 Added by:Andy Willingham

I’m all for protecting people’s accounts no matter what type they are. After all I am in Information Security for a reason. The problem is that protecting accounts requires the user to want to protect it. We can’t continue to hold their hands and fix all of their problems for them...
