Blog Posts Tagged with "Website Security"
Avoid Cracks in Your Website's Security Armor
January 08, 2012 Added by: Allan Pratt, MBA
I have heard from several colleagues that their blogs have been compromised. While a security breach may be inevitable – heck, branches of the Federal Government and national financial institutions have been hacked – there are steps you can take to protect the valuable data...
Comments (0)
Lilupophilupop SQLi Attack: One Million URLs Infected
January 05, 2012 Added by: Headlines
"When I first came upon the attack there were about 80 pages infected according to Google searches. Today, well as the title suggests we top a million, about 1,070,000 in fact - there will be duplicate URLs that show up in the searches. Still working on a discrete domain list for this..."
Comments (0)
OWWWS - The Other Form of Occupy
December 15, 2011 Added by: Rafal Los
If we consider the Occupy movements across the globe, demonstrating and protesting against income inequality and inequitable policies around commerce and taxation, the persistent cart vulnerability could become a seemingly benign form of occupation that could develop into a serious threat...
Comments (0)
Adidas, Steam, Israeli Sites Hacked - Where is the Outrage?
November 14, 2011 Added by: Rafal Los
Reports of a number of Israeli government-related websites, Adidas' main and affiliated websites, and now the Steam game forum have been pouring in, and while this may just be par for the course if you've been keeping score - the state of the enterprise web site appears to be in harsh decline...
Comments (0)
AmEx Secures Website Admin Debugging Panel Error
October 06, 2011 Added by: Headlines
“An attacker could inject a cookie stealer combined with jQuery’s .hide() and harvest cookies which can, ironically enough, be exploited by using the admin panel provided by sloppy American Express developers,” Femerstrand explained in a blog post...
Comments (0)
High Fashion, Low Security - Part Duex
August 25, 2011 Added by: David Martinez
I spy serious SQL issues… I had the hashes for the admins table, info from the customers table, as well as the full output of the transactions and users tables, which included MD5 hashes of CC numbers. The hashes were all 64-bits from a MySQL db, which means they were probably SHA256...
Comments (0)
High Fashion - Low Security
August 15, 2011 Added by: David Martinez
In the end, I had the hashes for the admins table, full customer info from the customers table, as well as the full output of the transactions and users tables, which included MD5 hashes of CC numbers. The hashes were all 64-bits from a MySQL db, which means they were probably SHA256...
Comments (0)
SMBs Face Growing Threat from Mass Meshing Attacks
June 17, 2011 Added by: Headlines
"Because they can do it at such a precise level, when they attack they don't just inject a single malicious script like in mass SQL injections. They inject a backdoor, which allows them total control of all the files on the website..."
Comments (0)
OTA Scorecard: 74% Fail to Protect Consumers Online
May 18, 2011 Added by: Headlines
While the number honored in 2011 represents a promising 3-fold increase from this time last year, 74% of the top websites analyzed did not qualify and remain vulnerable to the increased levels of cybercrime and online fraud...
Comments (0)
Hackers Cheat a Stock Market Game
May 04, 2011 Added by: Robert Siciliano
Many gaming sites have increased efforts to detect suspicious players, but savvy criminals have learned to mask their true identities, changing account information to circumvent conventional methods of fraud detection...
Comments (0)
McAfee Website Vulnerable to XSS and Other Attacks
March 29, 2011 Added by: Headlines
"The McAfee SECURE trustmark only appears when the website has passed our intensive, daily security scan. In other words, the presence of this label means that the website is not vulnerable to the exact same vulnerabilities McAfee currently has..."
Comments (1)
DoS Surpasses SQL Injections as Primary Attack Method
March 16, 2011 Added by: Headlines
"Many of these organizations foolishly think that the network security gear that they have to handle the lower level DoSing floods will take care of this and it won't. The overall amount of traffic that you have to send to take down the Web server is a lot less, and it looks legitimate..."
Comments (0)
Real-Life Example of a 'Business Logic Defect'
March 13, 2011 Added by: Rafal Los
I wanted to buy more than the site offered me at one given purchase. So I set the hamster loose on the wheel and tried something interesting that should never have worked. This type of vulnerability is a manipulation of application business logic and again, should never, ever work...
Comments (0)
Report: Websites Remain Vulnerable to Attacks
March 09, 2011 Added by: Headlines
The study looked at both the presence of a vulnerability and the length of time before remediation. The results showed that the websites were exposed 270 days of the year on average. Education sector websites lead the pack, followed by retail and social networking sites...
Comments (0)
Infosec Insights: Getting Indexed via Twitter – Good and Bad
March 02, 2011 Added by: Brent Huston
Clearly, search engines aren’t the only types of automated applications watching the Twitter stream. My guess is that scanning engines watch it too, to some extent, and queue up hosts in a similar manner. Just like all things, there are good and bad nuances to the tweet to get indexed approach...
Comments (0)
Why does Web App Security Continue to Stink?
February 21, 2011 Added by: Andy Willingham
Many security issues arise from assuming that the advice of someone else (consultant, vendor) is going to keep you secure. Companies are rolling out web based applications faster than they realize. When you don’t know how many web apps you have, you have bigger problems than just securing them...
Comments (1)




