Archive for the ‘Webappsec’ Category

Chilean presidency Web page hacked

November 7th, 2007

SANTIAGO, Chile (AP) A hacker broke into the Web page of Chile’s presidency and planted the flag of neighboring Peru, leaving the site inoperable for about 18 hours until it was restored Monday. The intruder left a message – “Long live Peru,” followed by an expletive – as well as the flag around midday Sunday. Officials took the site down a few minutes later, leaving a notice: “Because we want to give a better service, we are working for you.”

Categories: Webappsec

Hacker uses public APIs to breach eBay

October 22nd, 2007

eBay has begun an audit of its IT systems after a hacker managed to access and disable user accounts. The company said last week that the hacker exploited public application programming interfaces (APIs) that enable merchants to build e-commerce sites on top of eBay. “This fraudster found very old administrative interfaces into the eBay system that had not been deactivated when we changed the security of our internal systems several years ago,” a member of the company’s trust and safety division said in a posting on an eBay blog.

Categories: General News, Webappsec

VoIP gets hacked

October 4th, 2007

Have you jumped on the VoIP bandwagon? Secure? Think again, as a US hacker is jailed for 2 years after breaching security at 15 separate telcos with ‘incredible ease’.

Categories: Random Security, Webappsec

Hacked website prompts shutdown of all California state sites

October 4th, 2007

A hacked county website in California that redirected users to a pornographic site triggered the federal government to initiate a system-wide shutdown of all government sites in the Golden State. The process was never completed, after state officials urged the feds to reverse their decision to take offline all state websites bearing the “ca.gov” suffix. The US General Services Administration (GSA) is responsible for all “.gov” sites.

Categories: Random Security, Webappsec

Hackers crawling over the web

August 9th, 2007

The web is getting bigger, but also more dangerous. In the early days, it was like the Wild West – there were dangers out there, but if companies kept their wits about them and knew the basics of self-defence, they could get by.
Not anymore. Security experts are already looking back on 2006 as the year that web threats matured and became increasingly sophisticated. It was a year in which organised cyber criminals increasingly turned their attention away from email towards web traffic as their target of choice.

Categories: Webappsec

Rush to Ajax makes for happy hackers

August 9th, 2007

The rush to adopt Ajax is leading web developers to make basic security mistakes, in some cases a decade old, that leave gaping holes in their applications. That is according to researchers here at the Black Hat security conference in Las Vegas. Some said that in some cases developers should avoid Ajax altogether rather than open their businesses to attack.

Categories: Webappsec

MySpace users warned of drive-by exploit attack

July 2nd, 2007

Researchers are warning of a widespread MySpace drive-by exploit attack meant to compromise machines so more highly-profitable phishing schemes remain successful. MySpace users become infected when they visit a profile page containing malicious JavaScript and then are silently redirected to an Internet Explorer exploit, which was patched in April, Johannes Ullrich, chief research officer of the SANS Internet Storm Center, told SCMagazine.com today.

Categories: General News, Random Security, Webappsec

Kaspersky Internet Security 7.0.0.125 Beta

June 29th, 2007

The Kaspersky Internet Security technological prototype represents a new generation platform for creating applications specifically designated for complex protection of personal computers and workstations. Uniting the substantially improved functional abilities of version 5.0 Kaspersky Lab protection products with the latest technological innovations introduced by the company, the Kaspersky Internet Security solution secures the most effective and complete protection of a computer from all sorts of electronic threats – malicious programs, hacker attacks and spam.

Categories: Random Security, Webappsec

Hackers use ‘construction kit’ to unleash Trojan variants

June 26th, 2007

Multiple hacker groups are using a “construction kit” supplied by the author of a Trojan horse program discovered last October to develop and unleash more dangerous variants of the original malware. Already such variants have stolen sensitive information belonging to at least 10,000 individuals and sent the data to rogue servers in China, Russia and the United States, according to Don Jackson, a security researcher at SecureWorks Inc. of Atlanta. The stolen data includes Social Security numbers, online account information, bank account and credit card numbers, user names and passwords and other data that users would usually input during an SSL session.

Categories: General News, Random Security, Webappsec

Safari for Windows gets more patches

June 26th, 2007

The recently-launched Apple browser, Safari for Windows, has received its second lot of patches since its debut earlier this month. Apple has posted the latest version of the beta software, 3.0.2, on its website, containing security fixes as well as other tweaks. The browser was first released by chief executive Steve Jobs at the company’s Worldwide Developers Conference earlier this month. Within days, security vulnerabilities had been unearthed by researchers, prompting the Mac maker to issue its first patch batch. Just over a week later, and Apple has released a second security upgrade.

Categories: General News, Random Security, Webappsec