What do American Express and Facebook have in common?

Cross Site Scripting seems to be the word of the past few days with high profile sites getting featured on the technology news sites. ZDNet reported how Facebook just fixed four XSS security flaws affecting their developer’s page, the iPhone login page, the new users…

Read more

Why upgrade PHP to 5.2.8? Part 1

Note: PHP 5.2.7 is the actual version that fixes the below security holes. PHP 5.2.8 fixes an issue introduced in 5.2.7. Details from the PHP news site. A new version of the popular scripting language, PHP includes a couple of security fixes (taken from the…

Read more

How XSS can lead to a Windows Domain compromise

Many times internal web applications are excluded from the scrutinity that external ones are subjected to. It is often assumed that attackers are on the external side of the network and therefore do not have access to any internal resources. In turn this usually leads…

Read more

Acunetix WVS Scripting reference available

With Acunetix WVS version 6, Acunetix introduced a Port Scanner and Network Alerts. When scanning a website, a port scan against the web server can be launched (optional) and once open ports are found specific network security tests are launched against the network service running…

Read more

Facebook Worm on the Loose

A worm abusing Facebook‘s messaging system is making rounds between friends. It consists of an executable worm known as Koobface that runs on the victim’s computer and searches for Facebook cookies on his or her computer. It will then use these cookies to hijack an…

Read more