FBI: Watch for Fake Government Sites

ISIL is defacing websites using WordPress vulnerabilities: http://www.ic3.gov/media/2015/150407-1.aspx (IC3 = Internet Crime Complaint Center). The recommendation is to update your WordPress website as much as possible when necessary: check the following sites for vulnerabilities and update your site as needed: http://www.securityfocus.com/bid, http://cve.mitre.org/index.html, https://www.us-cert.gov/. In practice, it means updating your WordPress site as the plugins are updated …

How Dangerous is SQL Injection?

A good tutorial on basic SQL injection (without a tool): http://www.kalitutorials.net/2014/03/sql-injection-how-it-works.html Notice the bottom entry, in the user-id field: ' OR 1=1; /* and in the password field: */-- As it states in the image (from the kalitutorials website), the second statement gives you access to the data of all accounts. Why is this? Because a 1=1 statement …

Training the Next Cybersecurity Professionals

http://www.darkreading.com/operations/educating-the-cyberwarriors-of-the-future/a/d-id/1319590 Jeff Shilling opines that we need more experienced people in the cybersecurity field. As usual, the issue is that senior-level execs do not fully understand all the ramifications of the differences between 1. a person with 5+ years' experience in IT plus cybersecurity knowledge (no university degree), some certifications, and 2. a person with 2 …

Fake Apps Fooling Thousands

It is worthwhile to discuss fake apps: http://www.hotforsecurity.com/blog/dont-be-fooled-bitdefender-anti-prank-tool-does-not-exist-11664.html There are "fake" apps which claim to be anti-virus or other legitimate apps (like games) but in reality are stealing your information on your phones and computers. Example: Guardian story. Here is a criminal developer boasting (on a discussion board) about creating the fake Flappy Bird app which steals …

Testing a Website With OWASP ZAP

The Google Code website link: https://code.google.com/p/zaproxy/ Here is an interesting bit of info (from the link above): ZAP came second in the Top Security Tools of 2014 as voted by ToolsWatch.org readers. Here is a screenshot with my test on my own website, www.fixvirus.com. I clicked on the response tab after OWASP ZAP tries to …