-
AppsecInc Granted Database Encryption Patent
United States Patent 7266699 was issued to AppSecInc. From the patent: "The invention provides a transparent encryption infrastructure which allows the user to point-and-click on columns and tables to encrypt data. The creation of triggers and views is also easily implemented, to encrypt and decrypt data, to manage the encryption keys and to grant and…
-
Blackhat SEO faces 3 years in prison for insulting the president
From the nypost: "A hacker faces up to three years in prison for making the Polish president's Web page turn up in searches for the slang word for "penis." Marek W., 23, has been charged with insulting President Lech Kaczynski. Marek created a program that caused the official home page of the president to…
-
5 amusing security vendor moments
This list was created based on real security vendor interactions that I and a friend have experienced. 1. Customer: Have you had a security evaluation of your product? Vendor: Yes, Kevin Mitnick has performed a pen test against our product. (sorry kevin! 🙂) 2. The vendor comes to your office and pitches you a presentation…
-
Warcraft.net and Battle.net get hacked by polite hacker
As a Diablo2 fan I just had to post this. "Blizzard's Warcraft.net and Battle.net websites have recently come under attack from an Algerian hacker who went by the name of "LeHackeur". This hacker added an extra file on the sites' main servers, which displayed an image of a skull, as well as a message…
-
Cenzic Patent Case Worries Web Researchers, Vendors
"A patent infringement lawsuit recently filed by Cenzic against SPI Dynamics has Web application security companies and researchers on edge. If successful, the suit — which centers around Cenzic's patent on a Web application vulnerability scanning technology — could mean trouble for other scanner vendors, as well as researchers who develop scanning techniques. Cenzic, which…
-
Undercover reporter ousted at defcon, probably pretty f@!ked
UPDATE: Her myspace page was linked off of defconpics.org and shortly after has been removed from myspace. No word on how it was removed at this time. An NBC reporter (Michelle Madigan Associate Producer of NBC Dateline) was found to be trying to find hackers for hire and recording them with a video camera. Jeff…
-
Fox News Pwned
"While browsing around the Fox News website, I found that directory indexes are turned on. So, I started following the tree up, until I got to /admin. Eventually, I found my way into /admin/xml_parser/zdnet/, in which, there is a shell script. Seeing as it's a shell script, and I use Linux, I took a peek.…
-
Microsoft Security Grunt voted #6 on Worst Jobs in Science 2007 by Popular Science
Popular Science has voted 'Microsoft Security Grunt' as the 6th worst job in science to have. "Do you flinch when your inbox dings? The people manning secure@microsoft.com receive approximately 100,000 dings a year, each one a message that something in the Microsoft empire may have gone terribly wrong. Teams of Microsoft Security Response Center…
-
Cenzic Patents the obvious: Fault Injection!
I monitor google news for anything application security related and found the following announced today by Cenzic. "the U.S. Patent and Trademark Office (PTO) has issued the company U.S. Patent No. 7,185,232, focused on fault injection technology, which is commonly used by most security assessment scanners." – Cenzic. Cenzic is not the first application security…
-
Hackers on a Plane
"2007 is a very special year for the global hacker community. Thanks to cooperation between the organizers of DefCon XV and the Chaos Communications Camp 2007, the two largest gatherings of hackers from around the world happen only a few days apart! This is where "Hackers on a Plane" comes in: The Hacker Foundation has…
-
Pirate Bay hacked, database stolen
"According to an alert posted on The Pirate Bay’s blog, the stolen user credentials were encrypted but the site is still urging users to immediately change usernames and passwords to avoid the risk of identity theft. They have got a copy of the user database. That is, your username and passwords. But, the passwords are…
-
Astroglide Website Helps Hackers Insert Rogue Code, Reader Reports
"Just last week BioFilm, the maker of the popular sexual lubricant Astroglide, confirmed that it had failed to properly secure the names and addresses of more than 250,000 individuals who requested free samples which resulted in those files showing up in a Google search for those individuals’ names. Now THREAT LEVEL reader Ronald van den…
-
MySpace superworm creator sentenced to probation, community service
"The man responsible for unleashing what is believed to be the first self-propagating cross-site scripting worm has pleaded guilty in Los Angeles Superior Court to charges stemming from his most infamous hacking. Samy Kamkar, who was 19 when he unleashed the attack on MySpace.com in October 2005, was sentenced to three years of probation and…
-
PHP Ninja Stefan Esser Quits the PHP Security Team After Being Ignored For Reporting Issues
Apparently Stefan Esser (a key player in PHP's Security Response Team) has called it quits. Stefan is known for finding various vulnerabilities in PHP and working with the PHP Security team to identify and prevent issues in PHP itself. From his blog (mirroring, since his site appears to be getting slammed hard): "Last night I…
-
Hacker Pumpkins
RSnake is having a hacker pumpkin carving contest. Check out the XSS'd tricked out carving 🙂 Article Link: http://ha.ckers.org/blog/20061016/hacker-pumpkin-carving-contest/
-
Top 5 signs you’ve selected a bad web application package
5. The vendor's idea of a patch process involves you editing line X and replacing it with new code. 4. The amount of total downloads is less than the application's age. 3. It isn't running on the vendor's homepage. 2. The readme file states that you need to chmod a certain file or directory to…
-
XSS Gone Wild!
For various reasons I'm going to report this as neutrally as possible. Apparently F5 and Acunetix, both web security vendors, were found to have XSS holes in their websites according to RSnake's forum. To be honest with you, yeah, it is embarrassing, but s!@# happens; however, that isn't why I'm posting this news story. I'm…
-
Frontpage takes down superhacker
"Kevin Mitnick, the notorious former hacker turned security consultant and tech celebrity, has been targeted by Pakistani crackers in a series of web defacement attacks. Four websites associated with Mitnick's various ventures were sprayed with digital graffiti on Monday in an apparently personal attack. The sites defensivethinking.com, mitsec.com, kevinmitnick.com and mitnicksecurity.com (which all run…
-
ALERT: Cross HTTP Response Splitting Session Fixation Smuggling Scripting Vulnerability Discovered
CERT has issued a warning against a new web based threat entitled a "Cross HTTP Response Splitting Session Fixation Smuggling Scripting Vulnerability". According to the founder of DSHIELD, Johannes Ullrich: "If on April 1st you have specific non-default settings in Internet Explorer, visit a series of 4 specific websites in order through a specific…
-
Securityfocus.com Defaced
Securityfocus, home of bugtraq and other important security mailing lists, was defaced today by the attacker known as "Fluffi Bunni". This is probably the best known security site on the net and proof that anything can be breached if one spends enough time. According to defaced.alldas.de the advertising company was defaced and fed the image to securityfocus, although no public statement has been…
-
Sans.org Defaced!
A very well known computer security website and training center has been defaced. The defacer known as "Fluffi Bunni" is well known for attacks against apache.org, sourceforge, and exodus to name a few. You can read more about his past attacks in the old news section of this site. Sans.org mirror listed below: Sans.org Defaced