The Five Coolest Hacks Of 2008!!!

Have a look at the five of the coolest hacks  covered  at Dark Reading in 2008 -- unusual and sometimes off-the-wall vulnerabilities that were exposed and exploited this past year by researchers who, driven by their curiosity and imagination, had some fun (possibly at your expense), but all for the ultimate purpose of making daily life more secure. So read more about this on below given link  -- and don't stop looking over your shoulder. Cheers!!!

http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=212500902&pgno=2&queryText=&isPrev= 

Computer Security's Six Most Important Words Of 2008

Well, if you must know, 2008 was a year of tectonic shifts in IT security. The technologies changed, the economy changed, and the role of security changed. Even the people who make the laws about security changed. You could hardly swing a dead server without hitting some major security-shifting event, and most of those events will continue to have repercussions throughout the new year.

 If you need somebody to spell it out for you, Darkreading can do it!!!. Let's look more closely at the six words and what they meant for security in the past year on below given link.

http://www.darkreading.com/security/management/showArticle.jhtml?articleID=212501928&pgno=2&queryText=&isPrev=

2008's biggest tech crime stories!

As the year 2008 draws to a close, here are some of the biggest IT related crimes which i chanced up on in Network World site.

http://www.networkworld.com/slideshows/2008/121508-year-in-cybercrime.html?ts0hb&story=ts_crime08

OWASP Testing Guide V 3.0 is avilable now!

The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. OWASP team mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of OWASP materials are available under a free and open software license.

To download the latest version (V 3.0) of OWASP testing guide click on the below link:-

http://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf

 

Fix for unpatched internet explorer flow

Fix for my previous blog related to internet explorer has been released

The patch details & download information can be found at :

 http://www.microsoft.com/technet/security/bulletin/MS08-078.mspx

American Express web bug exposes card holders!

XSS: Entrenched since November 2008

A glaring vulnerability on the American Express website has unnecessarily put visitors at risk for more than two weeks and violates industry regulations governing credit card companies, a security researcher says.

Among other things, the cross-site scripting (XSS) error on americanexpress.com allows attackers to steal users' authentication cookies, which are used to validate American Express customers after they enter their login credentials.

For more information related to this XSS attack refer below link:-

http://www.theregister.co.uk/2008/12/16/american_express_website_bug/

Unpatched Internet Explorer Flaw Allows Attacks!!!

A security flaw in all versions of Microsoft's Internet Explorer leaves users wide open for attack, with millions of computers already infected. Microsoft did not say when a patch might be available. Simply opening a Web page in IE can infect an unprotected computer. Proper security protection, not a browser switch, is the best defense.
The exploit doesn't require users to click on links or download software from the Internet. Rather, it infects users when they open a Web page. The goal is to steal passwords, according to security experts, gain access to financial data and otherwise steal the victim's identity.

To know more about this refer:-

http://www.enterprise-security-today.com/story.xhtml?story_id=100003G53BD4