Cloudflare is one of the biggest providers of content delivery network services in the world. On July 2, they experienced a nearly complete service outage that affected all of their customers and lasted approximately half an hour. This unprecedented event was not a result of…
Chrome Removes XSS Protection
On July 15, Google announced that the XSS Auditor module that protects Chrome users against Cross-site Scripting attacks is to be abandoned. It was found to be easy to bypass, inefficient, and causing too many false positives. A similar mechanism was previously used by Microsoft…
SQL Injection Compromises Entire Country
On July 16, the world found out that the tax data of millions of Bulgarian citizens have been stolen. The attacker sent half of the data as proof to many Bulgarian and international media sources. The stolen databases are already available for download via underground…
What Is a CSRF Attack
Cross-site Request Forgery (CSRF/XSRF), also sometimes called sea surf or session riding, refers to an attack against authenticated web applications using cookies. The attacker is able to trick the victim into making a request that the victim did not intend to make. Therefore, the attacker…
Does YouTube Ban Hacking Videos?
A wave of dissatisfaction with Google’s YouTube policies has recently spread around the ethical hacking community. On July 2, Kody Kinzie who runs the Null Byte channel on YouTube reported that he was denied the right to upload a new security video. This was because…
What is the High Orbit Ion Cannon
The High Orbit Ion Cannon (HOIC) is an open source network stress testing application available on Sourceforge.net. It is most often used by hacktivists as an attack tool for denial of service (DoS) and distributed denial of service (DDoS) attacks. It is the successor of…
DoH: Mozilla, Cloudflare, and Google vs. the World
Three Internet giants: Mozilla, Google, and Cloudflare, are taking steps towards securing the DNS protocol for browser users. However, the DoH (DNS over HTTPS) standard will make it difficult to supervise the domains that users connect to. This causes increasing controversies, especially in the United…
Clickjacking – What Is It and How To Defend Yourself
In a clickjacking attack, the user is tricked into interacting with a UI element that they do not see. The attacker designs a malicious page with carefully positioned visual elements. The user is lured into clicking on these elements but, in reality, unknowingly clicks on…
Billions of IoT User Records Leaked via an Unprotected Database
ORVIBO, a Chinese manufacturer of smart home devices, left an unprotected Elasticsearch database accessible online through a web interface with no authentication. The database contained more than 2 billion user records representing more than a million users of ORVIBO smart home devices worldwide. The database…