Surviving the Week – 03/23/2012

Joomla vulnerability

Joomla (version 2.5.1), one of the world’s leading CMS solutions, was vulnerable to blind SQL injection. Joomla reported the vulnerability on February 29th and reported it resolved on March 5th.

By exploiting blind SQL injection, an attacker can enumerate a database, which can potentially result in complete loss of data and functionality. Subsequently, this vulnerability can lead to web site defacement or access to the internal network.

This should serve as a reminder that building web applications on top of popular and well-reviewed platforms can still leave you at risk of serious security breaches. These are the types of vulns that script-kiddies love to perform mass attacks against.

Read more: http://developer.joomla.org/security/news/391-20120301-core-sql-injection

Microsoft SharePoint missing protection

Apparently, Microsoft SharePoint 2007 and 2010 are missing protection against frame injection and clickjacking: SharePoint fails to send the X-Frame-Options header in its responses. An attacker can leverage this to load a SharePoint page inside a frame on a page they control, and that frame can access information in the framed page. X-Frame-Options works by instructing the browser to disallow framing. If a content management application and SharePoint are both vulnerable, do you have all security controls in place???

Read more: http://packetstormsecurity.org/news/view/20744/Microsoft-SharePoint-Exposes-Privates-In-Sniffing-Hack.html
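As an added example (not code from the original post or from Microsoft), here is a small Python checker that classifies a response's anti-framing headers; it goes beyond the post by also recognising the later Content-Security-Policy frame-ancestors directive, which modern browsers prefer over X-Frame-Options. The check_url helper and the sample header sets are assumptions constructed for this example.

```python
from typing import Dict, Optional
from urllib.request import Request, urlopen
# Added example, not code from the original post. Classifies a response's
# anti-framing headers: the X-Frame-Options header discussed above, plus the
# later CSP frame-ancestors directive that modern browsers prefer over it.

def _header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip()
    return None

def assess_frame_protection(headers: Dict[str, str]) -> str:
    """Return 'protected', 'weak' or 'missing' for one set of response headers."""
    csp = _header(headers, "Content-Security-Policy") or ""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = {p.lower() for p in parts[1:]}
            # Only 'none' / 'self' refuse framing by third-party origins.
            if sources and sources <= {"'none'", "'self'"}:
                return "protected"
            return "weak"  # wildcard or external origins may frame the page
    xfo = _header(headers, "X-Frame-Options")
    if xfo is None:
        return "missing"  # the SharePoint condition described in the post
    if xfo.upper() in ("DENY", "SAMEORIGIN"):
        return "protected"
    # ALLOW-FROM is unsupported by most browsers; any other value is ignored
    # entirely, so the page can still be framed.
    return "weak"

def check_url(url: str) -> str:
    """Fetch a URL (hypothetical target you operate) and assess its live headers."""
    with urlopen(Request(url, method="GET")) as resp:
        return assess_frame_protection(dict(resp.headers.items()))

# Constructed sample responses for offline use, not captured SharePoint output.
SAMPLES = {
    "hardened": {"X-Frame-Options": "SAMEORIGIN"},
    "no_header": {"Content-Type": "text/html; charset=utf-8"},
    "csp_only": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "malformed": {"x-frame-options": "ALLOW"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:10} -> {assess_frame_protection(hdrs)}")
```

Run it against your own SharePoint front end with check_url to confirm the header is actually emitted after a fix or reverse-proxy rule is applied.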

How to prepare for Google’s privacy change

On Thursday, Google’s much-discussed new privacy policy went into effect. Here are some useful tips to avoid leaking your private data:

  1. Don’t sign in unless it is required
  2. Remove your Google search history
  3. Clear your YouTube history
  4. Set chat to Off-the-record

Read more: http://edition.cnn.com/2012/02/29/tech/web/protect-privacy-google/index.html

About Dan Kuykendall