Wednesday, 15 April 2009

Curt Monash on Slashdot wrote: "Twitter was hit Saturday by a worm that caused victims' accounts to tweet favorably about the StalkDaily website. Infection occurred when one went to the profile page of a compromised account, and was largely spread by the kind of follower spam more commonly used by multi-level marketers.

Friday, 3 April 2009

A security researcher who goes by the nickname "methodman", today reported a few critical security vulnerabilities affecting Ebay.co.uk. Earlier, he alerted Ebay staff about the issue, but didn't get any response...

Sunday, 29 March 2009

Independent security researchers Rosario Valotta and Matteo Carli have discovered a critical security vulnerability impacting all worldwide webmail applications based on the Memova framework (developed by Critical Path ).

Wednesday, 25 February 2009

Security researcher Pierre Gardenat is preparing a paper for the SSTIC 09 (http://www.sstic.org/SSTIC09/info.do - Rennes 3,4 and 5th June 2009) on the evolution of XSS threats; since wide social networks like Facebook can become powerful attack vectors, it was interesting to see if some of these networks were vulnerable to permanent XSS attacks, which would make XSS worm spreading possible.

Friday, 30 January 2009

Get it while it's hot! Pierre Gardenat submitted a very interesting reflective cross-site scripting vulnerability affecting the login page of Google Sites.

Wednesday, 28 January 2009

Daniel Lo Nigro has discovered a trick to bypass the Myspace filters and insert a script on a Myspace band profile.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18