XSS Flaw on PayPal.com

Earlier today Wesley Kerfoot reported on the Full Disclosure mailing list that a page in the PayPal.com domain is susceptible to a non-persistent reflected cross-site scripting (XSS) attack. While non-persistent XSS bugs are somewhat common, this is quite serious for a site like PayPal, where user accounts are linked directly to bank accounts, debit, […]

The “Aurora” IE Exploit Used Against Google in Action

The big news hit earlier this week that the attack vector that allowed bad actors, presumably from China, into the networks of Google, Juniper, Adobe, and some 29 other firms was an Internet Explorer zero-day, a use-after-free vulnerability on an invalid pointer reference affecting IE 6, 7, and 8 but only used […]

James Lipton says “Don’t tweet your junk”

I, and I’m sure others, often refer to sanctimonious information technology people who say outlandish things at conferences or in news articles as “talking beards”. This is based on having the Dilbert cartoon below hanging in my cubicle for years. James Lipton’s role in new public service announcements (PSAs) on texting (text messaging) for teenagers […]

SHODAN: Cracking IP Surveillance DVR

We have been continuing to play around with the SHODAN Computer Search Engine after first looking at it last week. We continue to identify a variety of devices we sometimes note on security engagements (although usually on internal networks) that should not be externally accessible and are either still using factory default credentials or are […]

Colbert’s Human DDOS

Stephen Colbert launched an impromptu human distributed denial of service (DDOS) by instructing his viewers, or the Colbert Nation, to make edits to the collaborative wiki encyclopedia Conservapedia. Specifically, he wants to be added as a character in the Conservapedia translated version of the Bible, an ongoing crowdsourcing project of the web site. According […]
