Protecting exposed servers from Google hacks (and Google 'dorks')

Search engines are now routinely used to find ways of gaining unauthorized access to servers. Michael Cobb explains how to avoid exposing your important data to 'Google dorks.'

The Image Fulgurator.

Julius von Bismarck invented a very interesting hacking technique to manipulate images taken by people. His Image Fulgurator can project text or other images on an object that is being photographed, but only becomes visible on the photograph itself. People's great trust in their photographic reproductions of reality was what motivated Julius to develop the Image Fulgurator.

Email Blogging and spam?

I just came to know about a new service which supports blogging by email. You only need to send a mail containing a blog post and then this service will create a blog for you. No doubt it makes life much simpler, but then it can be misused easily. Consider a case when someone wants to spam the site: as there is no login required, someone can easily send tons of spam from different IPs and emails, and the result will be dangerous.

Should we add an exploit section on this site?

The changing face of information security

In the last eight years or so, I’ve probably been to more than 100 security conferences, workshops, trade shows and seminars and I’m hard-pressed to come up with one that’s been more informative or entertaining than the Workshop on Economics in Information Security that’s taking place at Dartmouth College this week. As you might expect, [...]

Srizbi botnet blamed for malicious spam surge

A sharp rise in the volume of malicious spam this month can be largely attributed to the Srizbi botnet, according to researchers at Marshal. Spam intended to infect users’ computers with malware tripled in one week, jumping from 3 percent of total spam at the beginning of June to 9.9 percent the following week. The Srizbi [...]

Yahoo Mail flaw found and fixed

Researchers at Cenzic discovered a vulnerability in Yahoo Mail they said could allow attackers to steal Yahoo identities and potentially access users’ sensitive information. The company, a Web application security provider based in Santa Clara, Calif., notified Yahoo of the cross-site scripting flaw in its popular Web mail program on May 23 and Yahoo fixed it [...]

Researchers defend study on patch distribution insecurities

A team of security researchers warns that a patch-based exploit generation technique could be easily carried out by an attacker.

Symantec launches Endpoint Management Suite

Symantec integrated its acquisition of Altiris with the release of Endpoint Management Suite 1.0.

Carpet Woes.

OK, this is a re-hash of Nitesh Dhanjani's finding in the Apple Safari browser[1]. I read that Billy Rios[2] also found something similar in Firefox. That is very interesting, because I assumed -which is the mother of all fuckups- that Firefox was a bit more strict in checking content-types. Anyway, I read some discussion about it and wanted to give my take on it. I gleamed over the examples provided by Nitesh, and I could not help myself uttering only one sentence: content negotiation.

You Can.

It is better to have less thunder in the mouth and more lightning in the hand. -- Apache proverb.

Proofpoint acquires email archiving provider Fortiva

The steady drumbeat of acquisitions in the security industry continues, with the latest deal being Proofpoint’s purchase today of email archiving provider Fortiva. The deal is another indicator of the shift toward on-demand security technologies. Proofpoint already offers its email security product as a hosted service, and Fortiva has an on-demand archiving service, as well. [...]

Stop malwares using device control: a real life experience

If you're one of those administrators who hardly try to keep their networks clean and prevent the next malware from infecting their systems, this is definitely for you…

Spending thousands of dollars on security solutions to protect the enterprise from the outside alone is an outdated concept. If you ask anyone who works in the security arena what the main sources of malware are today, he’ll probably answer this: e-mail spam, websites, and removable drives.

http://extremesecurity.blogspot.com/2008/06/stop-malwares-using-device-control-real.html

Could managed security services cause data woes?

In this podcast, SearchSecurity.com editors discuss managed security services, the increase of SQL injection attacks and whether secure software coding is improving.

Xpath Injection.

Yesterday I wrote a quick proposal for the Synapse project. Since not everyone has access to the Synapse project, I will share some ideas here from time to time. I started with a proposal on how to detect Xpath vulnerabilities. Since Xpath can be used in combination with every server-side language, it is easy to write a detection flow for most languages. XPath injection attacks are similar to regular SQL injection; it is possible to inject the same kind of vectors as we normally do, with a slight difference in ending syntax in most cases.

TippingPoint reports Firefox 3.0 flaw

TippingPoint said a researcher submitted a critical vulnerability affecting Firefox 3.0 to its Zero Day Initiative just five hours after Mozilla released the updated open-source browser Tuesday. In a blog post Wednesday, TippingPoint said its researchers verified the vulnerability in its lab and quickly reported the flaw to Mozilla’s security team. The flaw could allow [...]

Panda security researchers warn of new worm tool

Security researchers at antivirus vendor Panda Security have discovered an application that turns executable files into a worm that can spread and cause damage on infected machines. The tool is so easy to use that researchers say very little technical knowledge is needed to pull off a successful attack. The worm can wreak havoc on an [...]
