Take XSS to the bank
Looks like HSBC has a number of scripting flaws.
Something that was brought to my attention was this sticky honeypot that encourages scanning and attacks from the usual nasties of viruses, worms and hackers. This is an open source project called LaBrea. In some ways, it is like an Intrusion Detection System (IDS) that monitors traffic for suspicious activity or even an Intrusion Prevention […]
I’ve heard a lot more talk about this lately. In particular, how to test it? Now, testing it requires one of two things: access to multiple connections with large bandwidth, which is expensive, or, alternatively, access to a network of zombie hosts around the world, which is unethical. So testing is almost impossible. However, steps […]
There has been a recent spate of domain hijacking. Even IANA and ICANN, who have authority over some of the Internet’s most critical functions, suffered from domain hijacking. Photobucket and Comcast have suffered the same fate. The attack may have simply been caused by a single email to the technical staff to update […]
SQL-Injection: Microsoft and HP help out?
Both Microsoft and HP have released a free set of tools that will check web applications for any weaknesses that revolve around poor parameter filtering that would lead to SQL injection or XSS. HP have released Scrawlr, which is based around the commercial product, WebInspect. Wait a second, didn’t SPI Dynamics create WebInspect? […]