Tuesday, December 30, 2008

Pak hacker attacks E Rlys site, threatens cyber war on India.

In the first instance of a cyber attack on Indian government websites, the attack on the Eastern Railways site on Wednesday exposed the vulnerability of government websites in the country.

SBI shuts website after hackers break in!

The State Bank of India, the country’s largest bank, has had to shut down its corporate website after overseas hackers tried to break in.

While the bank said that transactions took place through www.onlinesbi.com, a senior SBI source said that the transactions were slow as the entire system was under watch.

The country’s largest bank decided to shut down its corporate website www.sbi.co.in on Wednesday evening when hackers blocked some of the pages. The bank also noticed unusually high traffic on its website on Wednesday.

Read more: http://www.business-standard.com/india/storypage.php?autono=344523


Monday, December 29, 2008

Frame Injection in Google!!

A frame injection attack is an attack on Internet Explorer 5, Internet Explorer 6 and Internet Explorer 7 to load arbitrary code in the browser. This attack is caused by Internet Explorer not checking the destination of the resulting frame, therefore allowing arbitrary code such as JavaScript or VBScript. This also happens when code gets injected through frames due to scripts not validating their input. This other type of frame injection affects all browsers and scripts that do not validate untrusted input.

Check out the link below, on which it worked:
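The second kind of frame injection described above (a script putting unvalidated input into a frame) comes down to one missing check. The sketch below is an added example, not code from the original post: it contrasts the unvalidated pattern with a version that only frames allowlisted HTTPS origins. The hostnames, the fallback page and both function names are made up for illustration.

```javascript
// Constructed values for illustration: origins this site agrees to frame.
const ALLOWED_FRAME_ORIGINS = new Set([
  "https://www.example.com",
  "https://help.example.com",
]);
const PAGE_BASE = "https://www.example.com/";      // page that hosts the frame
const FALLBACK_FRAME = "https://www.example.com/home";

// Unvalidated pattern: whatever arrives in the parameter becomes the frame
// source, so the frame destination is chosen by whoever built the link.
function naiveFrameSrc(param) {
  return param;
}

// Hardened pattern: parse the value the way a browser would, then require
// HTTPS, no embedded credentials, and an allowlisted origin.
function safeFrameSrc(param) {
  let url;
  try {
    url = new URL(param, PAGE_BASE); // also resolves relative paths
  } catch {
    return FALLBACK_FRAME;           // unparseable input
  }
  if (url.protocol !== "https:") return FALLBACK_FRAME;      // javascript:, data:, http:
  if (url.username || url.password) return FALLBACK_FRAME;   // user@host confusion
  if (!ALLOWED_FRAME_ORIGINS.has(url.origin)) return FALLBACK_FRAME;
  return url.href;
}

// Constructed sample inputs covering the usual ways a check is sidestepped.
const SAMPLES = [
  "/help/faq",                            // relative path on this site
  "https://help.example.com/a?b=1",       // allowlisted origin
  "javascript:void(0)",                   // script scheme instead of a URL
  "//frames.invalid/x",                   // scheme-relative, foreign host
  "https://www.example.com@frames.invalid/", // real host hides after the @
  "https://www.example.com.frames.invalid/", // lookalike suffix
];

for (const s of SAMPLES) {
  console.log(s.padEnd(45), "->", safeFrameSrc(s));
}
```

Comparing the parsed `origin` rather than searching the raw string for a trusted hostname is what defeats the last two samples.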

Saturday, December 27, 2008

The Five Coolest Hacks Of 2008!!!

Have a look at five of the coolest hacks covered at Dark Reading in 2008 -- unusual and sometimes off-the-wall vulnerabilities that were exposed and exploited this past year by researchers who, driven by their curiosity and imagination, had some fun (possibly at your expense), but all for the ultimate purpose of making daily life more secure. So read more about this at the link given below -- and don't stop looking over your shoulder. Cheers!!!

Computer Security's Six Most Important Words Of 2008

Well, if you must know, 2008 was a year of tectonic shifts in IT security. The technologies changed, the economy changed, and the role of security changed. Even the people who make the laws about security changed. You could hardly swing a dead server without hitting some major security-shifting event, and most of those events will continue to have repercussions throughout the new year.

If you need somebody to spell it out for you, Dark Reading can do it! Let's look more closely at the six words and what they meant for security in the past year at the link given below.

http://www.darkreading.com/security/management/showArticle.jhtml?articleID=212501928&pgno=2&queryText=&isPrev=

Tuesday, December 23, 2008

2008's biggest tech crime stories!

As the year 2008 draws to a close, here are some of the biggest IT-related crimes which I chanced upon on the Network World site.

Thursday, December 18, 2008

OWASP Testing Guide V 3.0 is available now!

The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. The OWASP team's mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP, and all OWASP materials are available under a free and open software license.

To download the latest version (V 3.0) of the OWASP Testing Guide, click on the link below:

http://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf

 

Fix for unpatched Internet Explorer flaw

The fix for the issue in my previous blog post related to Internet Explorer has been released.

The patch details and download information can be found at:

 http://www.microsoft.com/technet/security/bulletin/MS08-078.mspx

American Express web bug exposes card holders!

XSS: Entrenched since November 2008

A glaring vulnerability on the American Express website has unnecessarily put visitors at risk for more than two weeks and violates industry regulations governing credit card companies, a security researcher says.
Among other things, the cross-site scripting (XSS) error on americanexpress.com allows attackers to steal users' authentication cookies, which are used to validate American Express customers after they enter their login credentials.
For more information on this XSS attack, refer to the link below:

Wednesday, December 17, 2008

Unpatched Internet Explorer Flaw Allows Attacks!!!

A security flaw in all versions of Microsoft's Internet Explorer leaves users wide open for attack, with millions of computers already infected. Microsoft did not say when a patch might be available. Simply opening a Web page in IE can infect an unprotected computer. Proper security protection, not a browser switch, is the best defense.
The exploit doesn't require users to click on links or download software from the Internet. Rather, it infects users when they open a Web page. The goal is to steal passwords, according to security experts, gain access to financial data and otherwise steal the victim's identity.

To know more about this, refer to: