Good worms back on the agenda

"A researcher has reopened the subject of beneficial worms, arguing that the capabilities of self-spreading code could perform better penetration testing inside networks, turning vulnerable systems into distributed scanners. The worms, dubbed nematodes after the parasitic worm used to kill pests in gardens, could give security administrators the ability to scan machines...

Misunderstanding Javascript injection: A paper on web application abuse via Javascript injection

UPDATED: 1/30/06 Response from Author "Just to inform you that the malicious code mentioned to you was actually partly research for the paper. If you take a look at the latest version (with lynx if you like), I now refer to the clipboard issue in issue 3 (this was introduced in 1.2.0...

XST Strikes Back (or perhaps "Return from the Proxy"...)

Amit Klein has written a new article entitled "XST Strikes Back (or perhaps "Return from the Proxy"...)". Whatever the final title may be, it outlines how XST vulnerabilities can still exist when a proxy server sits in front of the server that an attacker wishes to attack. "About...

The Web Application Firewall Evaluation Criteria v1 Released

The Web Application Security Consortium is pleased to announce v1.0 of The Web Application Firewall Evaluation Criteria. WAFEC is a result of a collaboration between web application firewall vendors and independent security professionals to create a comprehensive, vendor-neutral, web application firewall evaluation criteria.

RSS Security Section Added

I've decided that, with the recent buzz of RSS security news stories and mailing list posts, it needs its own section. If there is a story or article that you feel I've missed, please let me know. RSS Security Section: RSS Security

RSS malware plague predicted for 2006

"The fast growing popularity of RSS (really simple syndication) means that the technology will pose increasingly significant problems for IT security professionals this year, new research has warned. ScanSafe's latest web security report notes an explosive growth in the use of RSS feeds to pull updated content via HTTP and XML rather...

Burton: Put Web Services Security on front burner

"Now that the WS-Security spec is "ready for prime time" and many security products are supporting it, organizations should start to develop a Web services security strategy, according to Anne Thomas Manes, a vice president and research director at Burton Group in Midvale, Utah. However, in her recent report, Web Services Security:...

Malware Future Trends

Dancho Danchev has written an article outlining a few malware trend predictions that is worth checking out. If you're into that sort of thing, I wrote an article on Web Application Worms that you may also wish to check out. Article Link: http://www.astalavista.com/media/archive1/files/malwaretrends.pdf

Another reason not to live in Ohio

"An 18-year-old boy was recently arrested in Ohio for telling fellow students to refresh the school's web page in order to slow down the server. He is being charged with a felony and is currently being held in jail. According to Canton City Prosecutor Frank Forchione 'This new technology has created...

Security flaws on the rise, questions remain

"We are seeing people discover vulnerabilities in software with tiny distribution and low installed base--free guestbooks that are written left and right, available by the thousands. And we are seeing that it takes no skill to find vulnerabilities in these applications." - SecurityFocus http://www.securityfocus.com/news/11367

Uninformed Online Zine #3 Released

An online zine called 'uninformed' has just released issue #3. I gotta say it's worth checking out. Below is the table of contents.
* Bypassing PatchGuard on Windows x64
* Windows Kernel-mode Payload Fundamentals
* Analyzing Common Binary Parser Mistakes
* Attacking NTLM with Precomputed Hashtables
* Linux Improvised...

CGISecurity.com needs a banner!

The time has come and I really need a new logo/banner for this website! I am offering website advertising (On every page) for a minimum of one month to a person who can provide me with a new 259x68px, and 120x60px logo. If you've got what it takes to design us a...