SecurityRatty: tag: craft

Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog

...craft a malicious URL and send it to the victim via email or any other mode of communication. When the victim visits the tampered link, the page is loaded along with the injected script that is executed in the context of the victim's session The general principle behind preventing XSS is the proper sanitization (via, for instance, escaping...

Tags: web application, application, input, input parameters, accepts user input, xss, xss vulnerabilities, security, security team check

KimsCrafts e-commerce breach affects 4,500

2007-12-14 16:08:39 by Evan Francen in The Breach Blog

...Crafts Contractor/Consultant/Branch None Victims KimsCrafts.com customers Number Affected approximately 4,500 Types of Data Names, addresses, and credit card numbers Breach Description On November 3rd, 2007 lawyers working on the behalf of KimsCrafts notified the New Hampshire State Attorney of a potential breach of the security on the...

Tags: kimscrafts, breach, e-commerce, credit file, credit, credit card data, kimscrafts e-commerce site, data, data security firm

McAfee: Virus writers going local

2008-02-21 10:24:38 by Editor in Computerworld Security News

Online-banking password thieves in Brazil, World of Warcraft hacks in China, anti-file-sharing Trojans in Japan: Malware writers are starting to craft their wares to target specific audiences and locales

Tags: target specific audiences, warcraft hacks, password thieves, malware writers, locales, world, wares, brazil, craft

Friday Squid Blogging: Squid Craft Projects

2008-03-14 16:15:03 by schneier in Schneier on Security

How to knit and felt a squid. Knit your own squid amigurumi . A squid scarf . And a crocheted squid cat toy

Tags: squid, squid amigurumi, squid scarf, squid cat toy, knit

Prediction 2 for 2008 - Stealth "Hackers"

2008-01-25 08:11:00 by Allen Baranov, CISSP in Security Thoughts

...craft it into tools like malware, root kits etc. They don't want to get caught, obviously, but they don't want to be noticed either. These are the botmasters who want to use the world' s computers to gather information that they shouldn't have. They also want to use computers to send spam and the longer they can stay undetected, the more...

Tags: hackers, traditional hackers, cool stories hackers, big-bang hackers, stealth hackers, cool, gather information, information, technical ability

Poll: How Important is a POC When Getting Someone to Fix a Security Issue

2007-11-27 08:37:00 by Security Retentive in Security Retentive

...crafting a working proof-of-concept exploit for a vulnerability and needing to actually demonstrate that exploit to get the issue taken seriously To understand this better, I set up a small poll to get some data about why people are needing to craft a working POC when demonstrating a vulnerability exists I've only ever had to do this once,...

Tags: issue, people, vulnerability, vulnerability exists, time, poc, lots, exploits, security vulnerability

Bots + Web Vulnerabilites - An Approaching Storm

2008-05-15 21:55:13 by Bill in Grumpy Security Guy

...Craft your payload Profit So the bot software basically sits back and waits until the computer it is on visits a vulnerable site and then places it payload in the vulnerable spot. It could of course do this without you visiting a site with a little more coding to check if you are permanently logged in Considering the number of sites with XSS...

Tags: vulnerabilities, permanent xss vulnerabilities, xss, sql injection, attack shortly, attack, mass sql injection, web vulnerabilites, browser vulnerabilities

LPL Financial reports eighteen compromised logons

2008-05-20 08:56:31 by Evan Francen in The Breach Blog

...craft an email or call someone and convince them to give you their login information Good luck Mr. Loewenthal, I'm sure you'll do fine Past Breaches Unknown

Tags: lpl financial, lpl, lpl financial recently, lpl recently, login information, information, information security governance, information privacy, data

Hypersonic Plane Hits Turbulence; Budget Cut, Testing in Doubt

2008-06-12 19:00:00 by Danger Room in Wired Security

Questions of feasibility and purpose may lead the Senate Armed Services Committee to drastically cut funding for Darpa's so-called Blackswift craft, which on paper should be able to top a Mach 5 speed

Tags: armed services committee, cut, blackswift craft, lead, mach, purpose, feasibility, questions, top

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo