Blog Posts Tagged with "Cross Site Scripting"
Automation, Dog Food and a Security State of Mind
January 20, 2013 Added by:Fergal Glynn
As a developer, what I don’t focus on is security. I usually get the security correct, but my main goal is making all the parts work together well. And that’s true of most developers most of the time...
Comments (0)
Moving From Poisoning the Ocean to Poisoning the Watering Hole
October 29, 2012 Added by:Fergal Glynn
Using the watering hole analogy, if you are the owner of a location where people congregate to drink you need to keep the beverages safe and clean. Unfortunately digital safety is decades behind food safety. If you own a website you need to understand what SQL Injection and XSS are...
Comments (0)
Yourikan Claims Ninety-One Iranian Websites Hacked
August 07, 2012 Added by:Headlines
Pro-Israeli hacker Yourikan (you-r!-k@n) is claiming to have hacked and defaced as many as ninety-one Iranian websites including government, education and business targets in protest of Iran's continued pursuit of nuclear weapons and support for terrorist activities targeting Israel...
Comments (0)
On th3j35t3r's Project Looking Glass
July 05, 2012 Added by:ʞɔopuooq ʇuıɐs
There haven’t been a lot of ‘TANGO DOWNS’ over the last few months. I decided that I should concentrate on targeted intelligence gathering. I needed a way to get the real world identity of ‘the marks’ – be it Anons, Jihadists or forum admins. Over the last few months I have been running ‘Project Looking Glass’...
Comments (3)
Despite Breach Trends - Website Vulnerabilities Decrease
July 02, 2012 Added by:Headlines
"Despite the plethora of recent breach headlines, websites could in fact be getting... less vulnerable... The time for using 'No one would want to attack us' as a security strategy is clearly over, if it was ever true to begin with. Any company doing business online has something worth hacking into..."
Comments (1)
Disclosures: The Vulnerability of Publicly Traded Companies
June 12, 2012 Added by:Fergal Glynn
What we’ve been lacking is quantitative information that helps inform the debate around application security. We want to use this data to shape the conversation around application security so that our attention gets focused on the right things and our investments get made in the right areas...
Comments (1)
ICS-CERT: Siemens WinCC Multiple Vulnerabilities
June 08, 2012 Added by:Infosec Island Admin
Researchers have identified multiple vulnerabilities in the Siemens WinCC application, and Siemens identified an additional vulnerability, that may allow an attacker to gain unauthorized access, read from, or write to files and settings on the target system...
Comments (0)
Solving Problems from the Security Viewpoint
June 07, 2012 Added by:Rafal Los
From experience, there are 3 clearly identified causes for poor adoption of well-intentioned security-built technology into everyday development and systems building... Let's take a look at them and see what can be done to raise the level of adoption from each case...
Comments (0)
ICS-CERT: Emerson DeltaV Multiple Vulnerabilities
May 31, 2012 Added by:Infosec Island Admin
Researchers have identified multiple vulnerabilities in the Emerson DeltaV application which can be exploited by a remote attacker and could allow denial of service, information disclosure, or remote code execution. Emerson has produced a hotfix that mitigates these vulnerabilities...
Comments (0)
Data Mining A Mountain of Zero Day Vulnerabilities
May 22, 2012 Added by:Fergal Glynn
Information leakage happens when sensitive information is displayed to a user inadvertently. An example would be pathnames or database IP addresses returned within an error message to a user. An attacker can use this information to undermine the system...
Comments (0)
Apple Releases OS X and Safari Security Updates
May 11, 2012 Added by:Headlines
Apple has released critical security updates for OS X and Safari to address several vulnerabilities which could allow an attacker to obtain sensitive information, execute arbitrary code, escalate privileges, conduct a cross-site scripting attack, or cause a denial-of-service...
Comments (0)
ICS-CERT: Koyo Ecom100 Multiple Vulnerabilities
April 16, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report of multiple vulnerabilities with proof-of-concept exploit code affecting the Koyo ECOM100 Ethernet Module. A brute force password cracking tool has been released that targets a weak authentication vulnerability in the ECOM series modules...
Comments (0)
ICS-CERT: Invensys Wonderware Server Multiple Vulnerabilities
April 04, 2012 Added by:Infosec Island Admin
Researchers have identified multiple vulnerabilities in the Invensys Wonderware Information Server which if exploited could allow denial of service, information disclosure, remote code execution, or session credential hijacking. Invensys has developed a security update...
Comments (0)
Tangled Web: A Guide to Securing Modern Web Applications
February 26, 2012 Added by:Ben Rothke
There is no doubt that some sites use cookies as a mechanism for malicious use. But there is nothing that makes it uniquely suited for this task, as there are many other equivalent ways to store unique identifiers on visitors’ computers, such as cache-based tags...
Comments (0)
ICS-CERT: Advantech Webaccess Multiple Vulnerabilities
February 17, 2012 Added by:Headlines
ICS-CERT received reports of eighteen vulnerabilities in BroadWin WebAccess. These vulnerabilities include Cross-site scripting (XSS), SQL injection, Cross-site request forgery (CSRF) and Authentication issues. Public exploits are known to target these vulnerabilities...
Comments (0)
Disclosures: How Much Sharing is Too Much?
February 15, 2012 Added by:Jack Daniel
What is the point of telling you I was compromised by spear phishing, SQL injection, cross site scripting, cross site request forgery, default credentials, or anything else we’ve known about for years? If you are ignoring all of the well-known risks, it is a waste of time...
Comments (0)




