web forgery

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Twitter and web forgery

Fools spewing private dataThese sites are for foolish people who do notunderstand putting your personal life on apublic Internet and the fact your data is NOT owned by you anylonger.RE: Twitter and web forgeryTrust and identity is a glaring missing piece on Internet. Eventually someone has to provide something to...

Tags: web forgery, Twitter Inc., Web

Discussion threads 2009-11-05

Additional Resources

News to know: Windows 7; Google Dashboard; Driving while texting; Steve Jobs; Droid

Here are today's notable headlines. You can get News To Know via email alert and RSS daily. For continuous updates see BNET's around-the-Web tech coverage.: Sam Diaz: Ballmer: So far, Windows 7 sales are "fantastic" Dana Blankenhorn: What the Google Privacy Dashboard can...

Tags: Steve Jobs, Google Inc., Web, Dana Blankenhorn, Verizon Communications Inc., Mary Jo Foley, Dashboard, Microsoft Corp., Sam Diaz, Microsoft Windows 7, Microsoft Windows, Channel Management, Operating Systems, Software, Marketing

Blog posts 2009-11-06

Twitter and web forgery

Last evening as I was winding down after a long journey imagine my surprise when I started to receive a tsunami of @ replies on my Twitter account. Apparently I was direct messaging a stack of people I don't know with a link to something that...

Tags: Web, Password, Twitter Inc., Robert Scoble, Security, Dennis Howlett

Blog posts 2009-11-05

ThreatSentry 3.0.94.0 (Windows)

ThreatSentry is a multi-layered Web Application Firewall that protects Microsoft Windows Web servers from a broad range of web application threats including Cross Site Request Forgery (CSRF/XSRF), Structured Query Language SQL Injection, Cross-Site Scripting XSS and other attacks. ThreatSentry combines an advanced web application firewall, a proprietary NDIS driver, and...

Tags: Web Application, Microsoft Windows, Privacyware, ThreatSentry, Cloud Computing, Firewalls, Intrusion Prevention, Networking, Security

Software downloads 2009-07-28

Elvis, your e-passport is ready!

E-passports not only threaten your personal safety traveling, the RFID chips are easy to clone and fake. How easy? Here's the picture of Elvis Presley's e-passport: The photo is taken from a passport scanner at a Dutch airport - no alarms or errors....

Tags: E-passport, Passport, Chip, Hacker, E-passport Chip Business, RFID, Wireless And Mobility, Security, Biometrics, Robin Harris

Blog posts 2009-07-19

Coming in July: Month of Twitter Bugs

A well-known security researcher plans to use the month of July to expose serious vulnerabilities in the Twitter ecosystem. The Month of Twitter Bugs, a project which launches on July 1, is the handiwork of Aviv Raff left, a researcher known for his work on Web-based security...

Tags: Vulnerability, Twitter, Aviv Raff, Web 2.0, Security, Internet, Ryan Naraine

Blog posts 2009-06-15

Twitter API ripe for abuse by web worms

A security researcher is warning that the Twitter API can be trivially abused by hackers to launch worm attacks. The red-hot social networking/microblogging service has been scrambling to plug cross-site scripting and other Web site vulnerabilities to thwart worm attacks but, as researcher Aviv Raff points out,...

Tags: Web, API, Worm, Twitter, Twitpic, Cyberthreats, Viruses And Worms, Security, Ryan Naraine

Blog posts 2009-05-26

Five 'must-secure' Web app vulnerabilities

Security holes in the Apache Geronimo Application Server and SAP cFolders headline a list of five serious Web app vulnerabilities that demand immediate attention. According to Mark Painter from the HP Security Laboratory, the Geronimo flaws expose users to a variety of attack vectors that could lead...

Tags: Novell Inc., Apache Geronimo, Attacker, Vulnerability, XSS, Web Application, SAP AG, Attack, Authentication Credential, SAP cFolders SAP cFolders, CS Whois Lookup CS Whois Lookup, Security, Ryan Naraine

Blog posts 2009-04-29

ServerDefender AI 1.4.3 (Windows)

Prevent common, dangerous Web hacker attacks (like SQL injection, buffer overflows, cross-site scripting and request forgery, directory traversal, zero-day, brute force, and denial of service attacks) with this low-cost Microsoft IIS Web application firewall. Go beyond signatures with neural learning to white list good traffic and block new or unknown...

Tags: Microsoft Windows, Port80 Software, Security, Hacking, Firewalls, Networking

Software downloads 2009-04-14

Google downplays severity of Gmail CSRF flaw

Yesterday, Vicente Aguilera Diaz from Internet Security Auditors released proof of concept of a CSRF (Cross-Site Request Forgery) vulnerability in Google's Gmail, which he originally communicated to Google two years ago. The CSRF flaw affects Gmail's "Change Password" function, since according to Diaz the session cookie is automatically sent by...

Tags: Google Inc., Google Gmail, Password, Flaw, Vulnerability, XSS, CSRF Flaw, E-mail Providers, Cloud Computing, Security, Internet, Dancho Danchev

Blog posts 2009-03-04

URL rewriting can help thwart Web app attacks

A Microsoft Web application security specialist is suggesting an offbeat defense-in-depth strategy to protect Web sites and applications from cross-site scripting XSS and cross-site request forgery XSRF attacks. According to Bryan Sullivan, security program manager for Redmond's Security Development Lifecycle team, Web developers should consider URL Rewriting...

Tags: Hyperlink, Attacker, Vulnerability, XSS, Web Application, Attack, Microsoft Web Application Security Specialist, Bryan Sullivan, E-mail, Security, Online Communications, Ryan Naraine

Blog posts 2009-02-27

ACLs Don't

The ACL model is unable to make correct access decisions for interactions involving more than two principals, since required information is not retained across message sends. Though this deficiency has long been documented in the published literature, it is not widely understood. This logic error in the ACL model is...

Tags: Hewlett-Packard Co., Cloud Computing

White papers 2009-02-06

Digital Signature System - Ten Tips for Selecting the Best Electronic Signature Solution

As the traditional "Paper-based" world gives way to digital documentation and transactions, enterprises are demanding innovative solutions for digitally signing and authenticating such documents, files, and forms with iron-clad protection against forgery. Solutions must guarantee non-repudiation and promise the same level of security and trust that exists with conventional documentation....

Tags: Solution, Digital Signature, ARX, Digital Signatures, Roi/Tco, Authentication/Encryption, Digital Security, Web Browsers, Security, Finance, Managerial Accounting, Internet

White papers 2009-01-01

Digital Signature System - Ten Tips for Selecting the Best Digital Signature Solution

As the traditional "Paper-Based" world gives way to digital documentation and transactions, enterprises are demanding innovative solutions for digitally signing and authenticating such documents, files, and forms with iron-clad protection against forgery. Solutions must guarantee non-repudiation and promise the same level of security and trust that exists with conventional documentation....

Tags: Solution, Digital Signature, ARX, Digital Signatures, Authentication/Encryption, Digital Security, Roi/Tco, Security, Finance, Managerial Accounting

White papers 2009-01-01

Hacking Exposed Webinar

The presenter of this webcast outlines the state of hacking as it exists today. He also profiled three contemporary hacks with associated countermeasures. The hacks profiled include hacking the web: Cross-Site Request Forgery, Hacking SSL: SSLstripe, Hacking the Phone: What happens when the root access "feature".

Tags: Webinar, Hacking, Security

Webcasts 2009-01-01

Robust Defenses for Cross-Site Request Forgery

Cross-Site Request Forgery CSRF is a widely exploited web site vulnerability. This paper presents a new variation on CSRF attacks, login CSRF, in which the attacker forges a cross-site request to the login form, logging the victim into the honest web site as the attacker. The severity of login CSRF...

Tags: Web, Login, Association For Computing Machinery, Web Site, Web Site Development, Productivity, Web Technology, Channel Management, Security, Internet, Marketing

White papers 2008-10-31

'End of life' beckons for Firefox 2

If you have not yet upgraded to Firefox 3, keep in mind that Mozilla is very close to pulling the plug on support for older versions of the browser. Support for Firefox 2, which includes security and stability patches, is scheduled to end six months after Firefox...

Tags: Mozilla Firefox 3.0, Mozilla Firefox, Mozilla Firefox 2.0, Web Browsers, Internet, Ryan Naraine

Blog posts 2008-10-29

CSRF vulnerability allows Twitter 'follow' abuse

Last week, TechCrunch's Jason Kincaid wrote about an obvious Twitter vulnerability that allowed a user called "johng77536" to game the popular micro-blogging service to add thousands of followers subscribers in a short period of time. The "johng77536" account has since been disabled but a security researcher tracking...

Tags: Vulnerability, Twitter, Aviv Raff, Security, Ryan Naraine

Blog posts 2008-07-31

Ounce Labs finds 2 security vulnerabilities in Spring framework

Code inspector Ounce Labs has identified two vulnerabilities in the open source Spring framework that exposes their enterprise applications to would-be hackers and hijackers. The two issues, ModelView Injection and Data Submission to Non-Editable Fields, affect only the MVC module of the Spring framework, which is used to...

Tags: Vulnerability, XSS, Framework, Ounce Labs, Spring, Security, Operational Planning, Databases, Business Operations, Enterprise Software, Software, Data Management, Paula Rooney

Blog posts 2008-07-16

Google ships open-source Web security assessment tool

The Google security team has released a free, open-source Web app security assessment tool capable of flagging vulnerabilities and potential security threats in Internet-facing applications. The tool, called Ratproxy, is described as a passive Web application security audit tool designed to analyze legitimate, browser-driven interactions with tested Web...

Tags: Google Inc., Web, Web Application, Web Security, Tool, Google Security Team, Productivity, Open Source, Security, Ryan Naraine

Blog posts 2008-07-01