Category: Security
-
Mastercard.com NOT PCI Compliant
Someone has found an XSS vulnerability on mastercard.com. The place it was found, the search function, is a notorious location for XSS vulnerabilities. The XSS payload that triggers the vulnerability leads me to believe that there was a fair amount of filtering going on but I guess not enough. Who does Mastercard pay PCI penalties to?
-
SANS says the #1 Server Security Issue is Your Web Application
The latest SANS Top 20 has been released and according to SANS the #1 issue impacting the security of your servers is the web application code that lives on top of them. I agree with them (in a totally biased way of course) but the data they cite leaves me with an uneasy feeling. SANS likes to…
-
MS Destroys the Consumer AV Market: Or Did They?
In Nov 2008, Microsoft announced that they are going to start offering free anti-virus/spyware/trojan/rootkit protection. Say bye-bye to Symantec and McAfee’s cash cows. It looks like it took about 5 years to make it happen, assuming they are using the technology they acquired back in 2003 via GeCAD. So the big question is how long…
-
Alumnus hacks Texas A&M system
My dad is an Aggie; sorry to see his school can’t secure their systems. If anyone is from Texas they know that the Aggies are the butt of many jokes. (Think Polish jokes, Texas style). One of my favorites: How do you confuse an Aggie? Put him in a round room and tell him to…
-
These are the crazy people in your security neighborhood
When you have been around the IT/Security space as long as I have, you run into a lot of whacky people. After a while you begin sorting and classifying them into nice convenient stereotypes. Over the next few weeks I will post my own stereotypes that I have discovered. Hope you get a laugh…
-
The Business Case for WAFs + Testing
Who’s up for another IT security story? I was sitting on my Xrocker wondering whether I should get back on Call of Duty or type something quick for this week. I opted for the latter and this is why you are reading this post. Here is a real world story about a customer of ours,…
-
Hackers Buy Ads to Install Malware
Last month, I was contacted by a client to help resolve some security issues on her website (brabbly.com). When I visited the site, there did not seem to be any underlying issues, except for multiple pop ups, which I thought were legitimate ads from the site. However, I was wrong. On talking to the owner,…