Web App Security
From the Web
Cloud/SaaS will do for websites what PCI-DSS has not
October 02, 2009 from: Jeremiah Grossman's Blog
If a would-be Cloud/Software-as-a-Service (SaaS) customer is concerned about security, and they should be since their business is on the line, then security should be the vendors concern as well. Unless the Cloud/SaaS vendor is able to meet a customer’s minimum requirements, they risk losing the business to a competitor who can.
Comments (1)
Facebook’s Faith: A New Scareware Attack
October 01, 2009 Added by:Daniel Kennedy
On Thursday morning, AVG researcher Roger Thompson, after sourcing some spyware attacks to a series of Facebook profiles, noted that these few hundred profiles were showing up with the same profile image but different profile information. The home video link on these profiles, belonging to Faith / Emily / whoever, points to the a web site that displays scareware dialogs: netmedtest.com/index.php?a...
Comments (1)
From the Web
A Glimpse Into the Future of Browser Security
September 30, 2009 from: Mozilla Security Blog
As we mentioned earlier we’ve been working for the past few months on turning the Content Security Policy specification into working Firefox code. (You’ll remember that CSP is a framework to protect websites from XSS and related attacks). We are happy to report that the work is nearly finished, and we have some preview builds available for you to try out.
Comments (0)
From the Web
What Star Trek Predicts About The Future of Information Security
September 18, 2009 from: Rsnake's blog at ha.ckers.org
I had a funny thought while talking with some folks from Intel about what the future state of of information security would look like and how that relates to what our favorite nerdy show, Star Trek, has to say on the topic. This is meant to be a funny post, but there may be some truth buried in here somewhere too. Without further ado:
Comments (2)
From the Web
Man sentenced for micro-deposit scam
September 17, 2009 from: Office of Inadequate Security
A 22-year old man was sentenced to 15 months in prison and restitution of $200,073.44 for fraud and related activity in connection with computers. After release from prison, Michael Largent will also face three years of strict restrictions on his use of computers and the Internet.
Comments (0)
From the Web
Plugin Updating Project: Follow up
September 16, 2009 from: Mozilla Security Blog
I wrote last week about a new project we’ve [Mozilla] started, informing our users when they’re running out of date versions of popular plugins. We focused our initial efforts on the Adobe Flash Player and now, a week after launch, Mozilla’s Numerator, Ken Kovash, has a blog post up looking at the results.
Comments (0)
From the Web
Website exposes sensitive details on military personnel
September 08, 2009 from: Office of Inadequate Security
Programming errors on a website that helps commuters carpool to work are exposing sensitive information of workers for hundreds of employers in Southern California, including at least one military installation.
Comments (1)
From the Web
Email Obfuscation and Spam Robots
September 08, 2009 from: Rsnake's blog at ha.ckers.org
I’ve long been interested in spam and robots that scrape for email addresses. I’ve done tons of work in the space, although I’ve never published any of it. Call it more of a side hobby than anything I really want to go public with - as it is with a lot of my research
Comments (0)
From the Web
Helping users keep plugins updated
September 04, 2009 from: Mozilla Security Blog
Starting with the upcoming releases of Firefox 3.5.3 and Firefox 3.0.14, Mozilla will warn users if their version of the popular Adobe Flash Player plugin is out of date. Old versions of plugins can cause crashes and other stability problems, and can also be a significant security risk.
Comments (0)
From the Web
Best of Application Security (Friday, Sep. 4)
September 04, 2009 from: Jeremiah Grossman's Blog
Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!
Comments (0)
From the Web
Why some Firefox users choose not to update
August 25, 2009 from: Mozilla Security Blog
The best way for users to stay safe online is to use an updated browser. While most Firefox users get updated quickly, some fall behind for various reasons. We’re looking for ways to increase uptake while still preserving user choice.
Comments (0)
From the Web
Google Safe-Browsing and Chrome Privacy Leak
August 24, 2009 from: Rsnake's blog at ha.ckers.org
Some more advice from Robert "RSnake" Hansen on why you shoulld be careful if using Google's Chrome browser.
Comments (0)
From the Web
Symantec names the 100 “Dirtiest” websites of the summer
August 22, 2009 from: Office of Inadequate Security
In an effort to determine which sites are safe to visit, security, storage and systems management solutions provider Symantec (www.symantec.com) has identified the “Dirtiest websites of Summer 2009,” a list of the 100 most threatening sites that try to deceive visitors, steal their information or crash their computer.
Comments (0)
From the Web
Risky use of real data in application development
August 21, 2009 from: Office of Inadequate Security
Most organizations in the U.S. and U.K. put their sensitive customer and company data at risk during their application development and testing processes, according to a new study. 80% surveryed were hit by at least one breach in the past 12 months.
Comments (0)
From the Web
Overcoming Objections to an Application Security Program
August 17, 2009 from: Jeremiah Grossman's Blog
Today a large percentage of security professionals truly “get” application security. They understand the importance, the best-practices, the value, etc. What inhibits their success the most in building an effective application security program is a lack of buy-in from the business and support from development groups.
Comments (1)
Are you running a WordPress Blog? Update it today
August 12, 2009 Added by:Michael Menefee
Another security release for Wordpress was released yesterday (version 2.8.4) which patches a rather annoying security flaw discovered with all prior versions. By sending a specially crafted URL as an unauthenticated user to your WP blog, and attacker can essential reset your admin password and lock you out of your blog.
Comments (0)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)