Web Application Insecurity - VIDEO

May 10, 2010 Added by: Jeremiah Talamantes

As a professional penetration tester, I help organizations identify and validate vulnerabilities in their systems every day. However, even in today's heightened awareness for vulnerabilities in web apps, I tend to find myself involved in more network-centric pen tests vs. application-centric pen tests. Some of this can be attributed to the maturity of network security. But as security profess...

Comments  (4)


Open Source Intelligence Operations Part One

May 10, 2010 Added by: Bozidar Spirovski

Wikipedia defines open source intelligence (OSINT) as a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. In reality, the methodology used in OSINT is the information gathering phase of every penetration phase. They only stuck a fancy name to the process.

Comments  (0)


The Need to Develop Security Guidelines For Medical Devices

May 10, 2010 Added by: shawn merdinger

In the April 2010 issue of New England Journal of Medicine, William Maisel and Tadayoshi Kohno state that “medical-device manufacturers have a legal responsibility to be vigilant and responsive to security threats, although their specific responsibilities have not been well delineated.”

Comments  (1)


Scammers Bait 40,000 Facebook Victims with Ikea Gift Card

April 21, 2010 Added by: Robert Siciliano

It’s just a matter of setting up a fake Facebook page and marketing it to a few people who then send it to their friends and it goes somewhat viral. The Ikea scam hooked 40,000 unsuspecting victims with the promise of a $1,000 gift card.

Comments  (0)


How to be exposed via xss - in one click - just doing your job...

April 16, 2010 Added by: Jason Remillard

As the attacks on infrastructure become more complicated, the true nature of deep penetration attacks proves food for thought for all developers and operators. Consider this case - where the Apache open source infrastructure itself became significantly exposed by a simple XSS attack that utilized some social engineering techniques (i.e. getting folks to click on things), to load others up with...

Comments  (2)


Why we did it, and don't want to make money from it..

March 18, 2010 Added by: Jason Remillard

A description of the automated WordPress security plugin by SSM. If you're running WP, check it out!

Comments  (0)


Hacker Releases Second Video of Enhanced XerXeS DoS Attack on Apache Vulnerability

March 11, 2010 Added by: Anthony M. Freed

Infosec Island has once again gained exclusive access to a video demonstration of the XerXeS DoS. This new video shows a little more of the XerXeS dashboard, and reveals even more about the attack technique – watch the text box on the left as Jester mentions “Apache” for the first time outside of our private conversations.

Comments  (15)


Press F1 for Help, pwned.

March 08, 2010 Added by: Daniel Kennedy

Microsoft published security advisory 981169 yesterday in response to the zero day vulnerability reported a few days prior. The vulnerability is in the help system and can be triggered by luring an Internet Explorer user into pressing the F1 key. Windows 2000, Windows XP SP2 & SP3, and Windows 2003 SP2 with Internet Explorer 7 and Internet Explorer 8 are all affected.

Comments  (0)


Trust but verify...

March 08, 2010 Added by: Jason Remillard

Very interestingly enough, in the past five or six days we have been detecting ad networks including Google Adsense, Adultadwords, and Adbrite allowing malware-laden ads on their networks. We are not the only ones who have identified this issue; check out the following links for more information about them:

Comments  (1)


Google, Adobe, and Big Oil Attack Commonalities

March 07, 2010 Added by: Ted LeRoy

The work of protecting information is becoming more difficult with time.  The recently discovered attacks on Google, Adobe, Marathon Oil, ExxonMobil, and ConocoPhillips illustrate an alarming trend.  The attacks even gave rise to a new attack model, the Advanced Persistent Threat (APT).

Comments  (0)


Exclusive Video of XerXeS DoS Attack

February 22, 2010 Added by: Anthony M. Freed

Infosec Island has gained exclusive access to a video demonstration of the XerXeS DoS attack as it is unleashed on the Taliban website, and carried out by infamous patriot hacker The Jester (th3j35t3r).

Comments  (10)


The Dragon’s Lair?

February 21, 2010 Added by: Bill Wildprett, CISSP, CISA

An excellent article in the N.Y. Times on February 18th stated that two Chinese schools, the Shanghai Jiaotong University and the Lanxiang Vocational School, were involved in the recent online attacks against Google and dozens of other U.S. corporations. These conclusions come...

Comments  (1)


De-cloaking in Internet Explorer

February 13, 2010 Added by: Fred Williams

I ran across a pretty interesting article on RSnake's blog about using a URL to get users to disclose personal information. I tested this in IE8 and the posting claims it works in IE6 and IE7 as well. I tested in Firefox with and without NoScript enabled and it doesn't work. Yay Firefox!

Comments  (5)


Why Regular Malware Scanning is important for your customers...

December 15, 2009 Added by: Jason Remillard

The path to website security is littered with good intentions of course, however, the intentions need a revamp in order to prove good. In this case, the good ol' days of giving your clients an SSL cert, a simple firewall on their server are NOT GOOD ENOUGH.

Comments  (6)


Are you running a WordPress Blog? Update it today

August 12, 2009 Added by: Infosec Island Admin

Another security release for WordPress was released yesterday (version 2.8.4) which patches a rather annoying security flaw discovered with all prior versions. By sending a specially crafted URL as an unauthenticated user to your WP blog, an attacker can essentially reset your admin password and lock you out of your blog.

Comments  (0)


Adobe Releases Critical Patches for Flash Player

July 31, 2009 Added by: Infosec Island Admin

Today, Adobe released version of their Flash Player software. This new version fixes multiple critical vulnerabilities, many of which Adobe has not been forthcoming about.

Comments  (4)
