Release Date: 2009/10/29 Author: Bogdan Calin (bogdan [at] acunetix [dot] com) Severity: Critical Vendor Status: Vendor has released an updated version
Acunetix WVS Version 6.5 build 20091027 released
An updated build for Acunetix WVS Version 6.5 has been released. It includes a number of bug fixes. Bug fixes: Fixed: Redirect on LoginSequenceStep was not followed correctly; Fix in URL Rewrite module to remove GetVars before matching rules. How to upgrade: On starting up…
Acunetix WVS Version 6.5 build 20091012 released
An updated build for Acunetix WVS Version 6.5 has been released with some bug fixes. Bug fixes: Fixed: Memory leak when invoking state change handler; Fixed: Item index for an item which has just been inserted fails in the Browserframe; Fixed: Error in indexing the…
Secure Password Recommendations and Research
You have a lot of things you try to keep secure, and some of them you simply have to put in other people’s hands because you can’t do it on your own (like your website *hint hint*). However, there are some things you do have…
Statistics from 10,000 leaked Hotmail passwords
An anonymous user posted usernames and passwords for over 10,000 Windows Live Hotmail accounts to web site PasteBin. PasteBin is currently down for maintenance but I managed to get a copy of the list and quickly generated some statistics from these passwords. First, my impression…
Acunetix WVS Version 6.5 build 20091005 released
An updated build for Acunetix WVS Version 6.5 has been released with some improvements, bug fixes and new security checks. New: Added a new check for SVN repositories. Improvements: Improved MultiRequest parameter manipulation; now using the form matcher to match parameter values. Improved SQL injection…
Acunetix WVS Version 6.5 build 20090917 released
An updated build for Acunetix Version 6.5 has been released with some improvements and bug fixes. New: Added two new blind SQL injection tests; Added a new scanning profile for stored XSS only; Added HTTP verb tampering using POST method check. Improvements: Improved appearance for…
SQL injection used in largest data security breach in U.S. history to date
Three men, responsible for the largest data security breach in U.S. history, stole 130 million credit and debit card numbers from five leading companies. They took advantage of a coding error, and allegedly used a SQL injection attack to compromise a web application, which was…
Security risks associated with utf8_decode and XSS filters
At BlackHat USA 2009, Eduardo Vela Nava (sirdarckcat) and David Lindsay presented a paper entitled “Our Favorite XSS Filters and How to Attack Them”. It is a very interesting paper; you should definitely take a look at it. In this paper, besides other things, they presented a very interesting…