Trojan Horse Program Targeting Adsense

Apparently people are uploading malware to users' computers in order to modify ads displayed on websites they visit with their own ad. "Techshout.com reports that a new, deceptive Trojan Horse program has surfaced. The program is engineered to produce fake Google ads that are formatted to look like legitimate ones. The ads...

Application Security Predictions For The Year 2006

In 2005 published application security vulnerabilities have exploded. If you're subscribed to mailing lists such as bugtraq you know just how often Cross Site Scripting, SQL Injection, or Remote Command Execution vulnerabilities are discovered and exploited. I've prepared a prediction outline for the year 2006 exclusively covering the threats that the web...

More than 450 Phishing Attacks Used SSL in 2005

Netcraft has published some statistics about phishing on their site. "In its first year, the Netcraft Toolbar Community has identified more than 450 confirmed phishing URLs using "https" urls to present a secure connection using the Secure Sockets Layer (SSL). The number of phishing attacks using SSL is significant for several reasons....

Security Vendors Form Application Security Industry Consortium (AppSIC)

Apparently Microsoft, Oracle, Red Hat, and SAP have formed a vendor-based security consortium titled "AppSIC" or the Application Security Industry Consortium. Quoting the article "Herbert Thompson, the consortium's chair and director of security technology at Security Innovation, says AppSIC members will meet monthly to exchange ideas and vet papers to be...

Rootkits, cybercrime and OneCare By TheRegister

TheRegister has a little editorial outlining some of the highlights of the year 2005 including Sony's DRM, Microsoft OneCare, Viruses, Convictions, and phishing. Article Link: Rootkits, cybercrime and OneCare: The year in IT security (TheRegister)

Yahoo Cross Site Scripting Vulnerability Discovered

A posting to the Full Disclosure mailing list claims an unpatched Cross Site Scripting vulnerability in Yahoo!'s mail with example script code. Quoting the author "I didn't contact yahoo, because I contacted them previously regarding a similar vulnerability, and yes they fixed it "silently" without even sending me a thank you email,...

PAPER: Preventing Http Session Fixation Attacks

Zinho Writes "I've published the final research about Http Session Fixation covering the most known attacks and how to prevent them. The paper is written from a web developer point of view and shows various techniques to be safe from fixation and hijacking." Paper Link: Preventing Http Session Fixation Attacks (Paper)

Top 7 PHP Security Blunders

Sitepoint has published an article covering the 7 most common vulnerability types applied to the PHP language as well as configuration options to further lock down your environment. While I disagree with the structure/actual 7 the article is good and worth checking out. If you're lazy and just want the seven here...

"2005 The Year of Phishing"

Phishing has exploded in 2005 so I've decided to dedicate a section of this site towards it. I have created a Phishing resource page providing a list of tools, news articles, whitepapers, and solutions to phishing. If there is a resource that I've missed please let me know. Phishing Link: Phishing HomePage