Category: Security

  • Mastercard.com NOT PCI Compliant

    Someone has found an XSS vulnerability on mastercard.com. The place it was found, the search function, is a notorious location for XSS vulnerabilities. The XSS payload that triggers the vulnerability leads me to believe that there was a fair amount of filtering going on but I guess not enough. Who does Mastercard pay PCI penalties to?

  • SANS says the #1 Server Security Issue is Your Web Application

    The latest SANS Top 20 has been released and according to SANS the #1 issue impacting the security of your servers is the web application code that lives on top of it. I agree with them (in a totally biased way of course) but the data they cite leaves me with an uneasy feeling. SANS likes to…

  • MS Destroys the Consumer AV Market: Or Did They?

    In Nov 2008, Microsoft announced that they are going to start offering free anti-virus/spyware/trojan/rootkit protection. Say bye-bye to Symantec and McAfee’s cash cows. It looks like it took about 5 years to make it happen, assuming they are using the technology they acquired back in 2003 via GeCAD. So the big question is how long…

  • Alumnus hacks Texas A&M system

    My dad is an Aggie; sorry to see his school can’t secure their systems. If anyone is from Texas, they know that the Aggies are the butt of many jokes. (Think Polish jokes, Texas style.) One of my favorites: How do you confuse an Aggie? Put him in a round room and tell him to…

  • These are the crazy people in your security neighborhood

    When you have been around the IT/Security space as long as I have, you run into a lot of wacky people. After a while you begin sorting and classifying them into nice, convenient stereotypes. Over the next few weeks I will post my own stereotypes that I have discovered. Hope you get a laugh…

  • The Business Case for WAFs + Testing

    Who’s up for another IT security story? I was sitting on my Xrocker wondering whether I should get back on Call of Duty or type something quick for this week. I opted for the latter, and this is why you are reading this post. Here is a real world story about a customer of ours,…

  • Hackers Buy Ads to Install Malware

    Last month, I was contacted by a client to help resolve some security issues on her website (brabbly.com). When I visited the site, there did not seem to be any underlying issues, except for multiple pop-ups, which I thought were legitimate ads from the site. However, I was wrong. On talking to the owner,…