Ruby on Rails – JSON Parser Vulnerability The JSON parser which converts JSON into YAML and in turn hands over to the YAML parser is buggy. The fix delivered replaces the YAML backend (yaml.rb) which…
A Lesser Cross-Site Scripting Attack Greater Than Your Regex Security A lot of developers rely on regex to protect against XSS. The following article demonstrates different mechanisms on how developers use regex and how they…
SSNs, Salary Information Exposed In Breach of Army Servers Computer hackers have illegally gained access to personal information of more than 36,000 people connected to Army commands formerly based at Fort Monmouth. An Army spokeswoman…
The 2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition The business logic abuse scenarios presented by the Ponemon Institue are web scraping, account hijacking, click fraud, botnets causing denial of service, electronic…
HTML5 Definition Complete, W3C Moves to Interoperability Testing and Performance The 5th revision of HTML is regarded as the future of web markup language. The long awaited specs for HTML5 have been finalized. This week,…
Most Healthcare Organizations Suffered Data Breaches Two separate reports released this week show the critical condition of U.S. healthcare organizations and hospitals when it comes to data breaches, with 94 percent of healthcare organizations hit…
Detecting Successful XSS Testing with JS Overrides with ModSecurity The following link demonstrate a proof of concept that uses ModSecurity to add defensive Javascript to response pages that will identify when web browsers execute certain…
In the United Kingdom, hackers attempted to alter the value of goods before trying to buy the items with a stolen credit card. Multiple online companies were able to prevent these attacks. Law enforcement is…
PCI Security Standards Council Adds Guidelines for Data Security Standards Risk Assessment PCI Security Standards Council released guidelines for DSS risk assessment. There are three key recommendations: Organizations should implement a formalized risk assessment methodology…
Not a Great Week for Password Protection Earlier in the week, we saw Twitter forcing users to change their password due to some password loss. Later in the week, a password vulnerability was disclosed in…