Archive for 2009

Yet another big company hit with SQL Injection problems (BT.com)

March 13, 2009

In the last couple of weeks, big companies have been attacked and are having serious issues with SQL Injection. This time British Telecom (bt.com) was the target (see more info here). Big companies such as Kaspersky, British Telecom and hundreds of others could easily fix these issues with a well-structured SDL process […]

Update: N-Stalker Scanner 2009 build 200 is available

March 8, 2009

N-Stalker has made its latest build of the N-Stalker Web Application Security Scanner 2009 (build 200) available via automatic update. This version includes enhancements and fixes, including: [Feature] Full URL rewriting support (under the configuration section; see the user's manual); [Bug] Fixed a crash while processing nested JS (backwards node references); [Bug] Minor adjustments. How to upgrade: Automatically (Commercial […]

XSRF vulnerability in GMail service – Round Two

March 4, 2009

We were digging deeper into the possibilities of the latest XSRF in GMail, which allows us to brute-force the user's password in a kind of stealth mode using hidden tags such as img, embed, iframe, JavaScript and other means. The advisory showed as a "Proof of Concept" a sequence of password brute forcing using […]
