Blog Posts Tagged with "Website Security"
January 08, 2012 Added by:Allan Pratt, MBA
I have heard from several colleagues that their blogs have been compromised. While a security breach may be inevitable – heck, branches of the Federal Government and national financial institutions have been hacked – there are steps you can take to protect the valuable data...
January 05, 2012 Added by:Headlines
"When I first came upon the attack there were about 80 pages infected according to Google searches. Today, well as the title suggests we top a million, about 1,070,000 in fact - there will be duplicate URLs that show up in the searches. Still working on a discrete domain list for this..."
December 15, 2011 Added by:Rafal Los
If we we consider the Occupy movements across the globe, demonstrating and protesting against income inequality and inequitable policies around commerce and taxation, the persistent cart vulnerability could become a seemingly benign form of occupation that could develop into a serious threat...
November 14, 2011 Added by:Rafal Los
Reports of a number of Israeli government-related websites, Adidas' main and affiliated websites, and now the Steam game forum have been pouring in, and while this may just be par for the course if you've been keeping score - the state of the enterprise web site appears to be in harsh decline...
October 06, 2011 Added by:Headlines
“An attacker could inject a cookie stealer combined with jQuery’s .hide() and harvest cookies which can, ironically enough, be exploited by using the admin panel provided by sloppy American Express developers," Femerstrand explained in a blog post...
August 25, 2011 Added by:David Martinez
I spy serious SQL issues… I had the hashes for the admins table, info from the customers table, as well as the full output of the transactions and users tables, which included MD5 hashes of CC numbers. The hashes were all 64-bits from a MySQL db, which means they were probably SHA256...
August 15, 2011 Added by:David Martinez
In the end, I had the hashes for the admins table, full customer info from the customers table, as well as the full output of the transactions and users tables, which included MD5 hashes of CC numbers. The hashes were all 64-bits from a MySQL db, which means they were probably SHA256...
June 17, 2011 Added by:Headlines
"Because they can do it at such a precise level, when they attack they don't just inject a single malicious script like in mass SQL injections. They inject a backdoor, which allows them total control of all the files on the website..."
May 18, 2011 Added by:Headlines
While the number honored in 2011 represents a promising 3-fold increase from this time last year, 74% of the top websites analyzed did not qualify and remain vulnerable to the increased levels of cybercrime and online fraud...
May 04, 2011 Added by:Robert Siciliano
Many gaming sites have increased efforts to detect suspicious players, but savvy criminals have learned to mask their true identities, changing account information to circumvent conventional methods of fraud detection...
March 29, 2011 Added by:Headlines
"The McAfee SECURE trustmark only appears when the website has passed our intensive, daily security scan. In other words, the presence of this label means that the website is not vulnerable to the exact same vulnerabilities McAfee currently has.."
March 16, 2011 Added by:Headlines
"Many of these organizations foolishly think that the network security gear that they have to handle the lower level DoSing floods will take care of this and it won't. The overall amount of traffic that you have to send to take down the Web server is a lot less, and it looks legitimate..."
March 13, 2011 Added by:Rafal Los
I wanted to buy more than the site offered me at one given purchase. So I set the hamster loose on the wheel and tried something interesting that should never have worked. This type of vulnerability is a manipulation of application business logic and again, should never, ever work...
March 09, 2011 Added by:Headlines
The study looked at the both the presence of a vulnerability and the length of time before remediation. The results showed that the websites were exposed 270 days of the year on average. Education sector websites lead the pack, followed by retail and social networking sites...
March 02, 2011 Added by:Brent Huston
Clearly, search engines aren’t the only types of automated applications watching the Twitter stream. My guess is that scanning engines watch it too, to some extent, and queue up hosts in a similar manner. Just like all things, there are good and bad nuances to the tweet to get indexed approach...
February 21, 2011 Added by:Andy Willingham
Many security issues arise from assuming that the advice of someone else (consultant, vendor) is going to keep you secure. Companies are rolling out web based applications faster than they realize. When you don’t know how many web apps you have, you have bigger problems than just securing them...
Steps Toward Weaponizing the Android Platfor... Freid Jerome on 05-17-2013