SecurityRatty: tag: html

The Extended HTML Form Attack Revisited

2008-07-09 15:29:05 by Editor in Help Net Security - Articles

HTML forms are one of the features in HTTP that allows users to send data to HTTP servers. An often overlooked feature is that due to the nature of HTTP, the web browser has no way of identifying betw

Tags: html forms, web browser, due, features, data, users, betw, nature, feature

Compromised Web Servers Serving Fake Flash Players

2008-08-05 14:50:04 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...html file, where an IFRAME attempts to access the traffic management command and control, in a random URL it was 207.10.234.217/cgi-bin/index.cgi?user200 . A sample list of participating URLs, most of which are still active and running joseantoniobaltanas .com automoviliaria .es/hotnews.html risasnc .it/fresh.html carpe-diem...

Tags: file, html file, html, comtopnews, detopnews, windows media player, player, web, real player exploit

Google Spamming Us

2007-12-20 22:11:11 by RSnake in ha.ckers.org web application security lab

...html Not too bad for a robot. How about some totally innane Apache directory structure stuff that couldnt possibly work 66.249.73.40 - - [26/Nov/2007:00:46:03 +0000] GET /bluehat-spring-2007/?C=S;O=A HTTP/1.1 200 3681 - Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html Someone needs to figure out how UTF-7 works...

Tags: google, html http1, http1, html, google likes viagra, referrer spam, spam, google spam, con google

The DDoS Attack Against CNN.com

2008-04-22 19:30:53 by HASH0x8b2d1ec in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...html 80aft.com/cnn.htm tom765.cn/cnn.html ah930.com/cnn.htm 0851qiche.cn/cnn.html xdadmin.com/cnn.html ah930.com/cnn.html s234sdf3.cn.webz.datasir.com/cnn.asp bbscar.com.cn/cnn 120abc.cn/cn n.html hospltal.cn/cnn.html bbs.cityzx.cn/cnn.htm bestmf.cn/cnn.html anlycloud.com/cnn/cnn qibubbs.net/ddoscnn.htm maje.cn/cnn.html...

Tags: ddos, ddos-ing cnn, cnn, ddos people, warfare, information warfare attack, attack, ddos attack, chinese script kiddies

Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog

...HTML document, the appropriate sanitization depends on the specific context in which the data is inserted into the HTML document. The context could be in the regular HTML body, tag attributes, URL attributes, URL query string attributes, style attributes, inside JavaScript, HTTP response headers, etc The following are some (by no means...

Tags: web application, application, input, input parameters, accepts user input, xss, xss vulnerabilities, security, security team check

The top 10 spam characteristics (#1-5)

2006-10-03 04:13:56 by Administrator in Email security & compliance blog

...HTML body : HTML messages usually include a plain text version of the email so that recipients with email clients that cannot read HTML can still view the message in plain text. However, many spammers tend to send HTML messages without this plain text body part. This is done to save on size and to force recipients to read the HTML version...

Tags: spam, spam characteristics, top spam characteristics, spam characteristic, spam mails, avoid spam messages, html comment tags, comment tags, flag spam correctly

RBN's Phishing Activities

2008-02-27 13:20:49 by HASH0x8b05fb8 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...html 81.95.149.226/scm/uk/lloydstsb/personal/index.html 81.95.149.226/scm/cyprus/persmain.html 81.95.149.226/scm/au/westpac/index.html 81.95.149.226/scm/au/commonwealth 81.95.149.226/scm/au/warwickcreditunion/index.html 81.95.149.226/scm/uk/lloydstsb/business/index.html 81.95.149.226/scm/uk/halifax.php...

Tags: rbn, html, historical screenshot, screenshot, rbn urls, network, russian business network, nuklus production speaks, nuklus

The top 10 spam characteristics (#6-10)

2006-09-27 06:01:03 by Administrator in Email security & compliance blog

...HTML exists : Some spam messages include a code for identification in the text of the message. The text is entered outside the HTML tags so as to hide the code from the recipient. There is no legitimate reason to add text outside HTML tags, so the mere presence of illegal HTML can be treated as suspicious 9. Message body contains small font...

Tags: spam, spam characteristics, spam characteristic, todays spam mails, mails, email address, complete email address, detect spam, spam messages include

A Localized Bankers Malware Campaign

2008-03-25 14:59:06 by HASH0x8b6136c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...html 75.125.251.40/home/it/it2.html 75.125.251.40/home/it/iutb.html 75.125.251.40/home/br/bj1.html Internal hardcoded email addresses receiver.guzano@ gmail.com receiver.smtp@ gmail.com ladrao.contatos@ gmail.com urls.file@ gmail.com receiver.guzano@ gmail.com The bottom line, the campaign is well organized, primarily targeting Portuguese...

Tags: malware, bankers malware campaign, malware malware, malware campaigns, malicious malware, banker malware, bankers malware, malware authors, campaign

July 2007 - Operating System Vulnerability Scorecard

2007-08-16 22:47:26 by jrjones in Jeff Jones Security Blog

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo