Joomla vulnerability
One of the world’s leading CMS solutions, Joomla (Version 2.5.1) was vulnerable to Blind SQL Injection. Joomla reported the vulnerability February 29th and reported it resolved March 5th.
By exploiting Blind SQL Injection, an attacker can enumerate a database which can potentially result in complete loss of data and functionality. Subsequently, this vulnerability can lead to web site defacement or access to internal network.
This should serve as a reminder that building web applications on top of popular and well reviewed platforms can still leave you at risk to serious security breaches. These are the types of vulns that script-kiddies love to perform mass attacks against.
Read more: http://developer.joomla.org/security/news/391-20120301-core-sql-injection
Microsoft SharePoint missing protection
Apparently, Microsoft SharePoint 2007 & 2010 is missing protection against Frame Injection & Click-Jacking. Microsoft SharePoint fails to send X-Frame-Options to the server. An attacker can leverage this vulnerability to inject a frame in the page. This frame can access information in the framed page. The way it works is that X-Frame-Options instructs the browser to disallow framing. If a content management application and SharePoint are both vulnerable, do you have all security controls in place???
How to prepare for google’s privacy change
On Thursday, Google’s much-discussed new privacy policy went into effect. Here are some useful tips to avoid leaking your private data:
- Don’t sign in unless it is required
- Remove your Google search history
- Clear your YouTube history
- Set chat to Off-the-record
Read more: http://edition.cnn.com/2012/02/29/tech/web/protect-privacy-google/index.html
Leave a Reply