Sorry I missed last week; this one covers the last two weeks.
- NT OBJECTives Releases SQL Invader – NTO SQL Invader finally makes it easy to exploit a SQL injection vuln from a clean graphical interface. Check out the video demonstration.
- Santa’s CISO failed him! – Another major data leak for 2011
- MySQL.com Once again Compromised using SQL Flaw – The article says it well: “MySql website is pretty embarrassed for not securing its own databases properly”.
- Top 10 HTML5 threats and attack vectors – HTML5 is going to be a treasure trove of attack vectors over the next 2+ years. Here's a good start on a list.
- HTML5 Security Concerns Complicate Deployment Plans – Finally people are starting to slow down the wagon to make sure we aren't making things worse.
- It’s ba-ack. Exploit revives slain browser history bug – I'm glad to see this type of research being done, because sometimes we assume one style of change will fix a thing, but that's rarely the case in the end.
- OWASP Top 10 for .NET developers part 9: Insufficient Transport Layer Protection – Great write-up on making sure the transport layer is secured, and how to recognize when it's not.
- Critical Zero-day Vulnerability in Adobe Reader – Another week, another critical flaw in Adobe.
- Yahoo Messenger 0-Day Exploit allows status message hijacking – This is cool because it's basically an XSS attack against Yahoo Messenger.
- Millions of printers open to devastating hack attack – Said best by Steve Tornio on Twitter: “My HP all-in-one printer barely even works. Asking them to code securely is not likely to end well.”
- Cross-Site Scripting vulnerabilities in HP Network Node Manager i 9.10 – While on the topic of HP, here's an interesting one: the application's XSS filter on GET requests was evaded with newline characters (%0D%0A), and no XSS filter existed for POST requests at all. Good bypass!
- DNS cache poisoning attack on Google, Gmail, YouTube, Yahoo, Apple – Nothing new, but a reminder of how much we trust in DNS and how easy it is to screw with.
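As an added example (not code from the HP advisory or from this post) of the two failure modes in the HP Network Node Manager item above: a filter that inspects only GET parameters with a pattern that stops at a line break, beside one that decodes and inspects every value from both GET and POST. The request strings, the `node` parameter name and both regexes are constructed for illustration and are an assumed model of the weak filter, not HP's actual code.

```python
import re
from urllib.parse import parse_qs

# Constructed sample request data (not from the advisory): the GET query
# breaks the tag across a CRLF, the POST body carries the same tag unbroken.
SAMPLE_GET_QUERY = "node=%3Cscript%0D%0Asrc%3Dx%3E"
SAMPLE_POST_BODY = "node=%3Cscript%20src%3Dx%3E"

# Assumed model of the weak filter: '.' does not cross a line break, so a
# tag folded over CRLF never reaches the closing '>' of the pattern.
WEAK_PATTERN = re.compile(r"<script.*?>", re.IGNORECASE)

# Hardened pattern: DOTALL lets '.' span CR/LF, and optional whitespace after
# '<' covers the other common folding spot.
STRICT_PATTERN = re.compile(r"<\s*script.*?>", re.IGNORECASE | re.DOTALL)


def param_values(encoded: str) -> list[str]:
    """Percent-decode a query string or form body into its parameter values."""
    parsed = parse_qs(encoded, keep_blank_values=True)
    return [value for values in parsed.values() for value in values]


def weak_filter(get_query: str, post_body: str) -> bool:
    """Blocks only when a decoded GET value matches; the POST body is never
    inspected, mirroring the missing POST filter in the advisory."""
    return any(WEAK_PATTERN.search(value) for value in param_values(get_query))


def hardened_filter(get_query: str, post_body: str) -> bool:
    """Inspects every decoded value from both GET and POST and tolerates line
    breaks inside the tag. A blocklist like this is only a backstop; contextual
    output encoding remains the real fix for reflected XSS."""
    values = param_values(get_query) + param_values(post_body)
    return any(STRICT_PATTERN.search(value) for value in values)


if __name__ == "__main__":
    # The CRLF-folded GET payload slips past the weak filter but not the
    # hardened one; the POST payload is invisible to the weak filter entirely.
    print("weak, folded GET   :", weak_filter(SAMPLE_GET_QUERY, ""))
    print("strict, folded GET :", hardened_filter(SAMPLE_GET_QUERY, ""))
    print("weak, POST body    :", weak_filter("", SAMPLE_POST_BODY))
    print("strict, POST body  :", hardened_filter("", SAMPLE_POST_BODY))
```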