Internet Explorer is Most Vulnerable Browser

The Internet Storm Center has a great article on the most common vulnerabilities in web applications (XSS, or Cross-Site Scripting): https://isc.sans.edu/forums/diary/When+encoding+saves+the+day/20277/ This is where someone attempts to insert data into the web application somehow. So the unfortunate browser response from Internet Explorer is: Internet Explorer: GET /myform/action/post?myparam=">%20Test So what you say I …

Experian Board of Directors: Growth Through Acquisition – But Without Security Testing

David Krebs story: http://krebsonsecurity.com/2015/10/at-experian-security-attrition-amid-acquisitions/ I want to focus on Board of Directors decisions to grow through acquisition: the board wants to grow securely, but in practice this has lots of problems. The term I like the most is Black Box Magic (as if security were obtained with black box magic). Image from Martin’s Magic collection: http://www.martinsmagic.com/product-tag/wagoncollector/ …

Dangerous Vulnerability? Some Routers Bad UPnP Authentication

This is the problem with some security issues (complicated technical issues that require expertise to fix): http://www.kb.cert.org/vuls/id/361684 Home routers implementing the UPnP protocol do not sufficiently randomize UUIDs in UPnP control URLs, or implement other UPnP security measures. This attack has the beginnings of a potential problem; some vendors have sufficient protection built in: “Some vendors have …

Cloud Computers Can Be Attacked

Of the 7 Black Hat white papers, I want to focus on the ones that can cause problems for cloud computers. The above diagram is a general diagram of the number of companies servicing different IT sectors. Security can affect both cloud and virtualization. I quickly outlined the problem yesterday near the …

List of WordPress Websites Hacked – Serving Malware

This story is unique: https://threatpost.com/wordpress-sites-backdoored-leaking-credentials/112703 A partial list of hacked sites is available at the link above (Threatpost site, from Zscaler research): (Screenshot of Threatpost partial list) And the full list is here, from the Zscaler ThreatLab website: http://research.zscaler.com/2014/12/compromised-wordpress-sites-serving.html Please do not go to the websites, as they will give you malware. I went to one, …