Entries Tagged as 'web site security'
US Gov sites Hacked with SQL Injection
November 9th, 2007
Somewhat buried in this article about The Russian Business Network going silent is this choice statement:
Genes added that some U.S. government and Brazilian sites, which he declined to identify specifically, had been compromised through SQL (Structured Query Language) injection attacks to make them point to other RBN sites compromised with malicious software. “Maybe some government [...]
Tags: Security · web site security
Open Social App hacked 45 minutes after release
November 5th, 2007
This TechCrunch article outlines how someone exploited a vulnerability in an Open Social application to pepper other users' profiles with emoticons on Plaxo. The article also mentions that the person who found this issue also found other issues with Facebook apps.
There is a real issue with opening your platform up to third party apps. [...]
Tags: Security · web site security
10 Reasons Not to Deploy a Web Application Firewall
November 1st, 2007
I have a pretty good amount of experience with WAFs, although none in an actual deployed state (other than mod_security as an Apache module). I reviewed one of the earliest Teros versions before they even had a shipping product. I also spent a lot of time talking to web site owners and security people that [...]
Tags: web site security
