Protecting exposed servers from Google hacks (and Google 'dorks')
Submitted by secgeeks on Wed, 02/07/2008 - 19:32. Search engines are now routinely used to find ways of gaining unauthorized access to servers. Michael Cobb explains how to avoid exposing your important data to 'Google dorks.'
Cross Environment Hopping.
Submitted by secgeeks on Wed, 02/07/2008 - 15:57. What is it? read more »
Changeability.
Submitted by secgeeks on Wed, 02/07/2008 - 15:57.
- nice journey
- web application security
Plus ca change, plus c'est la meme chose. read more »
The Image Fulgurator.
Submitted by secgeeks on Wed, 02/07/2008 - 15:57.
Julius von Bismarck invented a very interesting hacking technique to manipulate images taken by people. His Image Fulgurator can project text or other images on an object that is being photographed, but only becomes visible on the photograph itself. People's great trust in their photographic reproductions of reality was what motivated Julius to develop the Image Fulgurator. read more »
Email Blogging and spam?
Submitted by secgeeks on Sun, 29/06/2008 - 08:24. I just came to know about a new service which supports blogging by email. You only need to send a mail containing a blog post and then this service will create a blog for you. No doubt it makes life much simpler, but then it can be misused easily. Consider a case when someone wants to spam the site: as there is no login required, someone can easily send tons of spam from different IPs and emails, and the result will be dangerous. read more »
Should we add an exploit section on this site?
Submitted by secgeeks on Sat, 28/06/2008 - 11:40.
The changing face of information security
Submitted by secgeeks on Thu, 26/06/2008 - 21:53. In the last eight years or so, I’ve probably been to more than 100 security conferences, workshops, trade shows and seminars and I’m hard-pressed to come up with one that’s been more informative or entertaining than the Workshop on Economics in Information Security that’s taking place at Dartmouth College this week. As you might expect, [...] read more »
Srizbi botnet blamed for malicious spam surge
Submitted by secgeeks on Wed, 25/06/2008 - 17:42. A sharp rise in the volume of malicious spam this month can be largely attributed to the Srizbi botnet, according to researchers at Marshal. Spam intended to infect users’ computers with malware tripled in one week, jumping from 3 percent of total spam at the beginning of June to 9.9 percent the following week. The Srizbi [...] read more »
Yahoo Mail flaw found and fixed
Submitted by secgeeks on Wed, 25/06/2008 - 16:19.
- web application security
- yahoo mail
Researchers at Cenzic discovered a vulnerability in Yahoo Mail they said could allow attackers to steal Yahoo identities and potentially access users’ sensitive information. The company, a Web application security provider based in Santa Clara, Calif., notified Yahoo of the cross-site scripting flaw in its popular Web mail program on May 23 and Yahoo fixed it [...] read more »
Researchers defend study on patch distribution insecurities
Submitted by secgeeks on Tue, 24/06/2008 - 17:39. A team of security researchers warns that a patch-based exploit generation technique could be easily carried out by an attacker.
Symantec launches Endpoint Management Suite
Submitted by secgeeks on Tue, 24/06/2008 - 17:39. Symantec integrated its acquisition of Altiris with the release of Endpoint Management Suite 1.0.
Carpet Woes.
Submitted by secgeeks on Tue, 24/06/2008 - 17:37. OK, this is a re-hash of Nitesh Dhanjani's finding in the Apple Safari browser[1]. I read that Billy Rios[2] also found something similar in Firefox. That is very interesting, because I assumed - which is the mother of all fuckups - that Firefox was a bit more strict in checking content-types. Anyway, I read some discussion about it and wanted to give my take on it. I gleamed over the examples provided by Nitesh, and I could not help myself uttering only one sentence: content negotiation. read more »
You Can.
Submitted by secgeeks on Tue, 24/06/2008 - 17:37.
It is better to have less thunder in the mouth and more lightning in the hand. -- Apache proverb. read more »
Proofpoint acquires email archiving provider Fortiva
Submitted by secgeeks on Tue, 24/06/2008 - 15:23. The steady drumbeat of acquisitions in the security industry continues, with the latest deal being Proofpoint’s purchase today of email archiving provider Fortiva. The deal is another indicator of the shift toward on-demand security technologies. Proofpoint already offers its email security product as a hosted service, and Fortiva has an on-demand archiving service, as well. [...] read more »
Stop malwares using device control: a real life experience
Submitted by xmachine on Fri, 20/06/2008 - 16:01. If you're one of those administrators who hardly try to keep their networks clean and prevent the next malware from infecting their systems, this is definitely for you…
Spending thousands of dollars on security solutions to protect the enterprise from the outside alone is an outdated concept. If you ask anyone who works in the security arena what the main sources of malware are today, he’ll probably answer this: e-mail spam, websites, and removable drives.
Continue Reading ...
http://extremesecurity.blogspot.com/2008/06/stop-malwares-using-device-control-real.html
Could managed security services cause data woes?
Submitted by secgeeks on Thu, 19/06/2008 - 17:05. In this podcast, SearchSecurity.com editors discuss managed security services, the increase of SQL injection attacks and whether secure software coding is improving.
Xpath Injection.
Submitted by secgeeks on Thu, 19/06/2008 - 17:05. Yesterday I wrote a quick proposal for the Synapse project. Since not everyone has access to the Synapse project, I will share some ideas here from time to time. I started with a proposal on how to detect Xpath vulnerabilities. Since Xpath can be used in combination with every server-side language, it is easy to write a detection flow for most languages. XPath injection attacks are similar to regular SQL injection; it is possible to inject the same kind of vectors as we normally do, with a slight difference in ending syntax in most cases. read more »
TippingPoint reports Firefox 3.0 flaw
Submitted by secgeeks on Thu, 19/06/2008 - 16:14. TippingPoint said a researcher submitted a critical vulnerability affecting Firefox 3.0 to its Zero Day Initiative just five hours after Mozilla released the updated open-source browser Tuesday. In a blog post Wednesday, TippingPoint said its researchers verified the vulnerability in its lab and quickly reported the flaw to Mozilla’s security team. The flaw could allow [...] read more »
Panda security researchers warn of new worm tool
Submitted by secgeeks on Thu, 19/06/2008 - 12:25. Security researchers at antivirus vendor Panda Security have discovered an application that turns executable files into a worm that can spread and cause damage on infected machines. The tool is so easy to use that researchers say very little technical knowledge is needed to pull off a successful attack. The worm can wreak havoc on an [...] read more »





