SEARCH RESULTS
 
Showing 1-10 of 140 records
 
Lost Horizon Blue Cross Blue Shield of New Jersey laptop

2008-02-11 13:52:36 by Evan Francen in The Breach Blog
Technorati Tag: Security Breach. Date Reported: 1/29/08. Organization: Horizon Blue Cross Blue Shield of New Jersey (BCBSNJ). Horizon Blue Cross Blue Shield of New Jersey (Horizon BCBSNJ), a not-for-profit organization headquartered in Newark, is the state's largest health insurer. Contractor/Consultant/Branch: None. Victims: Horizon BCBSNJ members ...
 
 
 
 
 
Laptop stolen from Cross Country Staffing employee

2008-02-12 12:27:55 by Evan Francen in The Breach Blog
Technorati Tag: Security Breach. Date Reported: 2/8/08. Organization: Cross Country Staffing. Contractor/Consultant/Branch: None. Victims: Employees. Number Affected: Unknown. According to the breach notification, "Approximately 45 New Hampshire residents were affected by this incident". Types of Data: Names, Social Security numbers, and addresses ...
 
 
 
 
 
Cross-Device-Type Log Management vs Device-Specific Log Management

2008-06-02 14:38:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
Now, I have to first admit that, in general, dealing with logs on a device-specific basis is a cruel joke. What I mean here is when you gather Windows logs in one place, Linux logs in another place, database logs in yet another place; all in different formats, all in different systems not connected to each other, all managed by different...
 
 
 
 
 
Cross-site scripting CAN be used to hack a server

2008-08-05 22:06:00 by Russ McRee in HolisticInfoSec.org
 
Likely you remember when Joseph Pierini at McAfee Secure / Hacker Safe said XSS wasn't important because "cross-site scripting can't be used to hack a server. You may be able to do other things with it. You may be able to do things that affect the end-user or the client. But the customer data protected with the server, in the database, isn't...
 
 
 
 
 
New Anti-Cross Site Scripting Library Available

2006-11-27 08:01:00 by Eric Marvets in The Security Samurai
 
For those of you who don't know, Cross Site Scripting or XSS is when an application displays input that originated from the client. This could be a URL, cookie variables, as well as form field variables. Virtually every site is susceptible to these types of attacks, regardless of the server or client environments. On every penetration test I...
 
 
 
 
 
Cross Site Printing

2008-01-08 22:32:52 by RSnake in ha.ckers.org web application security lab
 
Aaron Weaver has taken the concept of inter-protocol XSS hacking to the next annoying level. That's right folks, he has figured out that you can do cross site printing. That is, when you visit a malicious website, it can attempt to connect to and send data to your printer on your local network. The obvious use? You got it, spam. So now, when you...
 
 
 
 
 
PayPal plugs cross-site scripting hole that sidestepped stronger security

2008-05-19 13:00:00 by Editor in Computerworld Security News
 
PayPal said today that it has patched a critical cross-site scripting vulnerability that was revealed on Friday by a Finnish researcher.
 
 
 
 
 
New Cross-Site Request Forgery Attacks

2008-10-06 05:42:04 by schneier in Schneier on Security
 
Interesting: CSRF vulnerabilities occur when a website allows an authenticated user to perform a sensitive action but does not verify that the user herself is invoking that action. The key to understanding CSRF attacks is to recognize that websites typically don't verify that a request came from an authorized user. Instead they verify only that...
 
 
 
 
 
XSF & XSS: Double your pleasure, double your fun

2008-09-21 21:00:00 by Russ McRee in HolisticInfoSec.org
If you've read this blog, or those of my peers, you're likely quite familiar with cross-site scripting, and the problems associated with open redirect vulnerabilities. A vulnerability you may be less familiar with is cross-site framing, which largely couples the best of both above-mentioned vulnerabilities. What then, if there's a cross-site...
 
 
 
 
 
SDL and Web 2.0