Young entrepreneurs in England looking to finance a new business should investigate the UK government’s Start-Up Loans program. Previously available only to people between the ages of 18 and 24 living in Britain, the government recently increased the age limit for applicants to 30. Start-Up…
How to Set (and Keep) Your Web Security Goals for 2013
Can you believe it’s time again for those New Year’s resolutions? It’s always great to start the New Year with a fresh set of to-do items that you’re finally going to get around to doing. The problem, however, is that when we set “resolutions”, the…
What if you Really Don’t have Anything Attackers Would Want?
I often make the argument that even if you don’t believe you have anything of value on your website, bad things can still happen. So, what exactly does this mean? Well, it’s not going to be the end of the world but having your website…
Don’t Be Held For Ransom with Ransomware
In her 5 December article in The New York Times, “For PC Virus Victims, Pay or Else,” cybersecurity reporter Nicole Perlroth discusses the growing threat of ransomware in the USA. Ransomware is a type of malware that takes your computer hostage, freezing it until you…
An Unhappy New Year – Security Researcher Discloses New Batch of MySQL Vulnerabilities
Earlier this month, on the Security Week website, Steve Ragan published an article about a security researcher who posted several vulnerabilities to the Full Disclosure mailing list – seven of these are MySQL vulnerabilities. The complete list of vulnerabilities is available here. CVE assignments have…
WordPress Pingback Vulnerability
Recently somebody posted on Reddit about a WordPress scanner that is taking advantage of a new WordPress vulnerability. The vulnerability is abusing the Pingback system, which is a well-known feature that’s used by a lot of bloggers. What is a Pingback? Quoting Wikipedia: A pingback…
Your Scanning Experience Determines Your Scanning Success
You know the saying about riding a bicycle – do it once and you’ll remember it forever? That may be true for bicycles, but it’s certainly not the case when it comes to web security testing. The tools we use and the flaws we’re attempting…
Finding Web Flaws is not Point and Click
Successful web security testing is not as simple as point and click. Unfortunately, many people treat it as such. The thought process goes something like this: 1. Load web vulnerability scanner. 2. Enter URL to scan. 3. Click Go. 4. Generate report for the auditors….
2012 – The Year Hacking Became a Political Weapon
On 30 November Reuters reported that Anonymous will shut down Syrian government websites worldwide to fight the government’s countrywide Internet blackout, which many believe was put into effect to silence opposition to President Bashar al-Assad. According to Martin Chulov of The Guardian, in his 29…