SecurityRatty: tag: cross

Lost Horizon Blue Cross Blue Shield of New Jersey laptop

2008-02-11 13:52:36 by Evan Francen in The Breach Blog

...Cross Blue Shield of New Jersey (BCBSNJ Horizon Blue Cross Blue Shield of New Jersey (Horizon BCBSNJ), a not-for-profit organization headquartered in Newark, is the state's largest health insurer Contractor/Consultant/Branch None Victims Horizon BCBSNJ members Number Affected 300,000 Types of Data Names, addresses, and Social Security...

Tags: horizon, horizon bcbsnj takes, horizon bcbsnj, data, medical data, jersey, remotely destroy data, bcbsnj, laptop

Laptop stolen from Cross Country Staffing employee

2008-02-12 12:27:55 by Evan Francen in The Breach Blog

...Cross Country Staffing Contractor/Consultant/Branch None Victims Employees Number Affected Unknown According to the breach notification "Approximately 45 New Hampshire residents were affected by this incident Types of Data Names, Social Security numbers, and addresses Breach Description A laptop was stolen from the car of an employee...

Tags: sensitive personal information, personal information, cross country, information, confidential information, employees, cross country employees, laptop, information security breach

Cross-Device-Type Log Management vs Device-Specific Log Management

2008-06-02 14:38:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -

...cross-device log management tools . The table below clarifies it Use Case vs Approach No log consolidation - logs remain on systems they are produced Device-specific log consolidation and analysis Cross-device log consolidation and analysis from all log sources Alerting based on log strings (keywords) that indicate security or operational...

Tags: logs, pci relevant logs, log management, database logs, logs remain, gather windows logs, device-specific log management, server logs, type

Cross-site scripting CAN be used to hack a server

2008-08-05 22:06:00 by Russ McRee in HolisticInfoSec.org

...cross-site scripting can't be used to hack a server. You may be able to do other things with it. You may be able to do things that affect the end-user or the client. But the customer data protected with the server, in the database, isn't going to be compromised by a cross-site scripting attack, not directly That gem has made McAfee Pwnie...

Tags: server, server hack, hack, manager, file manager tool, file, root password, email, cpanel user

New Anti-Cross Site Scripting Library Available

2006-11-27 08:01:00 by Eric Marvets in The Security Samurai

...Cross Site Scripting or XSS is when an application displays input that originated from the client. This could be a URL, cookie variables, as well as form field variables. Virtually every site is susceptible to these types of attacks, regardless of the server or client environments On every penetration test I have ever performed on a web...

Tags: library, xss, xss attacks, anti-xss library, vulnerability, xss vulnerability, cross site, site, xss attack

Cross Site Printing

2008-01-08 22:32:52 by RSnake in ha.ckers.org web application security lab

...cross site printing . That is, when you visit a malicious website, it can attempt to connect to and send data to your printer on your local network. The obvious use? You got it, spam So now, when you visit sites, there is a potential for them to spam you, similar to the way some people receive FAX spam. While he has only gone so far as to...

Tags: ascii art, cross site, aaron weaver, print, visit sites, printer, visit, inter protocol xss, print job

PayPal plugs cross-site scripting hole that sidestepped stronger security

2008-05-19 13:00:00 by Editor in Computerworld Security News

PayPal said today that it has patched a critical cross-site scripting vulnerability that was revealed on Friday by a Finnish researcher

Tags: critical cross-site, paypal, finnish researcher, friday, vulnerability

New Cross-Site Request Forgery Attacks

2008-10-06 05:42:04 by schneier in Schneier on Security

...Cross-Site Scripting (XSS) attacks, but they are very different. A site completely protected from XSS is still vulnerable to CSRF attacks if no protections are taken Paper here

Tags: attacks, user, cross-site, site, user visits, csrf attacks, sensitive action, action, site completely

XSF & XSS: Double your pleasure, double your fun

2008-09-21 21:00:00 by Russ McRee in HolisticInfoSec.org

...cross-site scripting, and the problems associated with open redirect vulnerabilities. A vulnerability you may be less familiar with is cross-site framing , which largely couples the best of both above-mentioned vulnerabilities What then, if there's a cross-site framing vulnerability coupled with cross-site scripting in the content offered by...

Tags: openhire code, openhire, original openhire cross-site, scottrade site, scottrade, cross-site, site, secure code, code

SDL and Web 2.0

2008-02-28 22:26:00 by sdl in The Security Development Lifecycle

...Cross-Site Scripting (XSS) attack, and

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo