Ruby on Rails – JSON Parser Vulnerability The JSON parser which converts JSON into YAML and in turn hands over to the YAML parser is buggy. The fix delivered replaces the YAML backend (yaml.rb) which…
Last week, hackers gained access to Twitter’s internal systems and stole information, compromising 250,000 accounts. In a blog post, on Friday, Twitter announced that they had recorded some unusual access patterns that was identified as…
An Indian researcher, Prakhar Prasad found a Blind SQL Injection vulnerability in the Paypal Notifications (https://www.paypal-notify.com) application as part of a bug bounty program. The bug enabled him to access the Paypal Notifications system database. The Paypal team patched…
On the morning of the Twitter attack, I received this email: On one hand, I appreciate that Twitter was up front with their users, but it also bothers me when companies make use of bad…
Most people are starting to realize that they need to start using more complex passwords, but generally believe: complex password = hard to remember This is not true. The solution I have been using for…
As I have discussed in previous posts and at conferences, like OWASP AppSecUSA, while the number of attacks continue to increase, the attack techniques aren’t new at all. They are actually the same old attacks…
All aboard the Pineapple Express, its a speeding bullet to the mobile backend! I’m looking forward to speaking at the upcoming B-Sides San Francisco. Most of the mobile security research has been focused on the apps…
Anonymous Hackers hacked and defaced United States Sentencing Commission under the operation called “#opLastResort”. And also threatened the US government to release sensitive information. Hacked Site: http://www.ussc.gov Cached Deface Page on Google: The website…
New White Paper: The Widening Web Application Security Scanner Coverage Gap in RIA, Mobile and Web Services – Is Your Scanner Like the Emperor’s New Clothes? The research detailed in this white paper explains the…
Google Morocco was the latest victim of a Domain Name System or DNS attack. A notorious Pakistani leet hacker group named, “PAKbugs”, hijacked Google Morocco’s official website (www.google.co.ma). Defaced Page: This is not the first…