Grumpy Security Guy

I’ve suffered the tortures of the damned


Entries from November 2007

US Gov sites Hacked with SQL Injection

November 9th, 2007

Somewhat buried in this article about The Russian Business Network going silent is this choice statement:
Genes added that some U.S. government and Brazilian sites, which he declined to identify specifically, had been compromised through SQL (Structured Query Language) injection attacks to make them point to other RBN sites compromised with malicious software. “Maybe some government [...]


Tags: Security · web site security

Alicia Keys should call me

November 9th, 2007

It looks like Alicia Keys’s MySpace profile was phished, then used to host malware. Alicia, I can help you in these troubled times. We probably need to jet off to a secluded hideaway somewhere to begin therapy.
If MySpace is to be believed this is actually a pretty interesting tactic. Apparently someone sent out phishing [...]


Tags: Humor · Security

Are Phishers Regressing?

November 9th, 2007

I got this email today:
We’d like to inform you that your Online Banking is about to expire due to inactivity. If you want to continue using our services, please login to your Wells Fargo account now by clicking here:
http://www.miamiexpress.info/documentacion/.cgi-bin/wells/wellsfargo-us.com/wf/
Please note: Your online services will be limited and eventually deleted if you do not login within [...]


Tags: Humor · Security

Open Social App hacked 45 minutes after release

November 5th, 2007

This TechCrunch article outlines how someone exploited a vulnerability in an Open Social application to pepper other users’ profiles with emoticons on Plaxo. The article also mentions that the person who found this issue also found other issues with Facebook apps.
There is a real issue with opening your platform up to third party apps. [...]


Tags: Security · web site security

10 Reasons Not to Deploy a Web Application Firewall

November 1st, 2007

I have a pretty good amount of experience with WAFs, although none in an actual deployed state (other than mod_security as an Apache module). I reviewed one of the earliest Teros versions before they even had a shipping product. I also spent a lot of time talking to web site owners and security people that [...]


Tags: web site security