-
Are CAPTCHA’s dead?
"For the last few years, Captcha, the Completely Automated Public Turing test to tell Computers and Humans Apart, has been one of our main lines of defense against the machines that want to impersonate us. Recently, though, the various most popular Captcha implementations have been cracked. Bots with character-recognition ability have gotten pretty reliably good…
-
Man hacks video game to propose to girlfriend
"A software developer in the US used his programming skills to propose to his girlfriend by altering a copy of the game she was playing. Bernie Peng spent a month hacking the code in Bejeweled so that when Tammy Li attained a particular score a ring appeared along with the marriage proposal. Li accepted the…
-
Google bots now submit forms in effort to find new pages
"Google's search bots, which scour the web constantly for new pages, have begun a new, more active phase of their indexing jobs. In a blog post last week, Jayant Madhavan and Alon Halevy of Google's crawling and indexing team said the company has begun an experiment in which its indexing software experimentally enters text in…
-
DNS lords expose netizens to ‘poisoning’
"More than a decade after serious holes were discovered in the internet's address lookup system, end users remain vulnerable to so-called domain name system cache poisoning, a security researcher has warned. Developers of the software that handles DNS lookups have scrambled to patch buggy code that could allow the attacks, but not to the satisfaction…
Favorite Links
- Security Templates (New)
- The Web Application Security Consortium
- QA Security
- The Web Security Mailing List
- Romain Gaucher’s Blog
- Jeremiah Grossman’s Blog
Popular Pages
WASC Threat Classification
- Abuse of Functionality
- Application Misconfiguration
- Brute Force Attack
- Content Spoofing
- Credential/Session Prediction
- Denial of Service
- Directory Indexing
- Information Leakage
- Remote File Inclusion Attack
- Routing Detour Attack
- SOAP Array Abuse
- XML Attribute Blowup
- XML Injection
- XML External Entity Attack