ZDNet Resources
- 2008 Pwnie Award nominees announced
- Well, after getting 134 nominations, and spending countless hours pulling out nominees, the judges for the 2008 Pwnie Awards have announced the final nominees to be voted on. From the site: The final list of nominees for the nine Pwnie Award categories is ...
- Tags: Attack, Flaw, Lifelock, Nathan McFeters, Nominee, Security, Vulnerability, XSS, XSS Flaw
- Blog posts 2008-07-21
Additional Resources
- Ouch! Hacker-free e-mail gets hacked
- Did you hear the one about the hacker-free e-mail service that was so confident about its enhanced security measure that it offered up $10,000 to anyone who could hack into it? It got hacked. Here's the part that's really crazy, though. There was initially...
- Tags: Hacker, E-mail, Hacking, Security, Online Communications, Sam Diaz
- Blog posts 2009-06-05
- StrongWebmail CEO's mail account hacked via XSS
- A Webmail service that touts itself as hack-proof and offered $10,000 to anyone who could break into the CEO's e-mail has lost the challenge. A trio of hackers successfully compromised the e-mail using a persistent cross-site scripting (XSS) vulnerability and are now claiming the bounty. ...
- Tags: XSS, CEO, E-mail, Online Communications, Ryan Naraine
- Blog posts 2009-06-04
- Study: password resetting 'security questions' easily guessed
- How secret are in fact the 'secret questions' used for resetting forgotten passwords? Not so secret after all, according to a just published study entitled "It's no secret: Measuring the security and reliability of authentication via 'secret' questions" according to which 17% of the study's participants were not only able...
- Tags: Password, Security Question, Security, Dancho Danchev
- Blog posts 2009-05-19
- Internet Explorer + Google Chrome = security problem
- Security problems surrounding protocol handling and Web browsers have surfaced again -- this time with Google Chrome and Microsoft's Internet Explorer. According to an advisory from the Google Chrome team, there's an error in handling URLs with the chromehtml: protocol that could allow an attacker...
- Tags: Google Inc., Microsoft Internet Explorer, Google Chrome, Web Browsers, Security, Internet, Ryan Naraine
- Blog posts 2009-04-27
- Twitter worm author gets a job at exqSoft Solutions
- UPDATE: Mikeyy Mooney of Stalk Daily gets Hacked. Here's more info. Now that was so fast that even Owen Thor Walker (AKILL) and Michael Calce (Mafiaboy) should envy the short cybercrime-to-job offer cycle here. 17 years old Mikeyy Mooney, the author/spreader of StalkDaily/Mickeyy XSS worm that exploited...
- Tags: Job, Web, XSS, Web Application, Worm, Twitter, Cloud Computing, Cyberthreats, Channel Management, Security, Viruses And Worms, Marketing, Dancho Danchev
- Blog posts 2009-04-17
- Twitter: Can it make security a priority?
- Twitter has been schooled by a 17-year-old hacker over a generic worm that has plagued the social messaging site.  The big question: Can Twitter take security seriously as it wrestles with uptime issues. Dancho Danchev has a nice dissection of Twitter's worm issues. Twitter was hit with at...
- Tags: Twitter, Dancho Danchev, Cyberthreats, Spyware, Adware & Malware, Security, Viruses And Worms, Larry Dignan
- Blog posts 2009-04-14
- Twitter hit by multiple variants of XSS worm
- During the weekend and early Monday, at least four separate variants of the original StalkDaily.com XSS worm hit the popular micro-blogging site Twitter, automatically hijacking accounts and advertising the author's web site by posting tweets on behalf of the account holders, by exploiting cross site scripting flaws at the site....
- Tags: Flaw, XSS, Worm, Twitter, www.StalkDaily.com, Mikeyy XSS, Cyberthreats, Viruses And Worms, Security, Dancho Danchev
- Blog posts 2009-04-14
- Google downplays severity of Gmail CSRF flaw
- Yesterday, Vicente Aguilera Diaz from Internet Security Auditors released proof of concept of a CSRF (Cross-Site Request Forgery) vulnerability in Google's Gmail, which he originally communicated to Google two years ago. The CSRF flaw affects Gmail's "Change Password" function, since according to Diaz the session cookie is automatically sent by...
- Tags: Google Inc., Google Gmail, Password, Flaw, Vulnerability, XSS, CSRF Flaw, E-mail Providers, Cloud Computing, Security, Internet, Dancho Danchev
- Blog posts 2009-03-04
- Flaw exposes Chrome, Firefox to clickjacking
- Flaw exposes Chrome, Firefox to clickjacking. Stonewalling over IE??? How about the flaw in IE 6? IE 7?? After all, most users would be on one of those...not IE 8. LOVE how the headline leaves IE out and focuses on Chrome and Firefox. Whoa! Microsoft actually on top of security issues...
- Tags: Web browsers, Spyware, adware & malware, Cyberthreats, SECURITY, Viruses and worms, Anti-spyware tool, NoScript, Microsoft Internet Explorer, malware, Mozilla Firefox, Web browser
- Discussion threads 2009-01-29
- Four XSS flaws hit Facebook
- Project XSSed, the clearing house for cross site scripting flaws has just released details on four flaws affecting Facebook's developers page, iPhone login page and the new users registration page, potentially assisting malicious attackers into adding more legitimacy to their campaigns. With yet another critical XSS flaw hitting Facebook in...
- Tags: Social Networking, Facebook, Flaw, XSS, Malware, Social Engineering, Security, Dancho Danchev
- Blog posts 2008-12-15
- Hackers exploiting (unpatched) IE 7 flaw to launch drive-by attacks
- Hackers exploiting unpatched IE 7 flaw to launch drive-by attacks. Cmon Loverock, Comment On This One! That's right, you selectively avoid stories like this. If it's anti-Linux, you pounce right on it. IE7 is a joke. So this doesn't affect XP SP3 or Vista? The Web attacks, first reported by Bob McMillan, takes aim...
- Tags: Web browsers, Microsoft Windows Vista (Longhorn), Microsoft Windows XP Service Pack 2, SECURITY, Microsoft Internet Explorer 7, Microsoft Internet Explorer, Microsoft Windows Vista, Microsoft Windows, exploit, Microsoft Windows XP
- Discussion threads 2008-12-09
- Google: no evidence of a Gmail vulnerability
- Following the speculations on the resurrection of what's thought to be an already fixed Gmail flaw which could assist in domain name hijackings, yesterday Google commented that their investigation indicated that the recent domain hijacks should be attributed to a phishing campaign, rather than to a Gmail flaw. The phishers...
- Tags: Google Inc., Google Gmail, Attacker, Vulnerability, Phishing, Cyberthreats, Spam, E-mail Providers, Security, Viruses And Worms, Spam And Phishing, Internet, Dancho Danchev
- Blog posts 2008-11-26
- News to know: Storm; AMD, Intel; Tech economy reels
- Here are today’s notable headlines. You can get News To Know via email alert and RSS daily: Josh Taylor: Verizon announces BlackBerry Storm availability, pricing Larry Dignan: AMD unveils ‘Shanghai’; Aims to better compete with Intel AMD: Does the resurrection start...
- Tags: Apple iPhone, Best Buy Co. Inc., Larry Dignan, Microsoft Windows 7, Nokia Corp., Shanghai, RIM BlackBerry, Microsoft Corp., Advanced Micro Devices Inc., Intel Corp., Microsoft Windows, Operating Systems, Handhelds, Software, Hardware
- Blog posts 2008-11-13
- Firefox security makeover: 11 vulnerabilities, 4 critical
- Mozilla has released a new version of its flagship Firefox browser to fix a total of 11 vulnerabilities that expose users to code execution, information stealing or denial-of-service attacks. Four of the 11 flaws covered with the new Firefox 3.0.4 are rated "critical" because of the risk...
- Tags: Mozilla Firefox, Vulnerability, JavaScript, Web Browser, Mozilla Corp., Web Browsers, Security, Internet, Ryan Naraine
- Blog posts 2008-11-12
- Google fixes critical XSS vulnerability
- All your accounting data are not belong to us. Hours after a proof of concept example detailing a XSS vulnerability at Google's account login page was posted at the XSS Project's clearing house, the company quickly took notice and fixed it. "Security researcher "Xylitol" is...
- Tags: Google Inc., Vulnerability, XSS, XSSed, Security, Dancho Danchev
- Blog posts 2008-11-12
- Black market for zero day vulnerabilities still thriving
- One would assume that popular sources for zero day vulnerabilities+PoCs such as Full-Disclosure, Bugtraq or Milw0rm are the primary sources for obtaining responsibly or irresponsibly released flaws. They'd be wrong. The black market for zero day vulnerabilities and the concept of over-the-counter (OTC) trade of zero day flaws, has been...
- Tags: Web, Vulnerability, Web Application, SQL Injection, Exploit, Day Vulnerability, E-shop, Security, Dancho Danchev
- Blog posts 2008-11-02
- Exploit code published for Apache Tomcat flaw
- The United States Computer Emergency Response Team (US-CERT) has raised an alarm for a serious vulnerability in Apache Tomcat, warning that a proof-of-concept exploit is publicly available. The code, posted to Milw0rm.com, exploits a directory traversal vulnerability in the way Apache Tomcat handles malformed requests. ...
- Tags: HTTP, XSS, Apache Software Foundation, Exploit Code, Apache Tomcat, Flaw, Open Source, Application Servers, Middleware, Enterprise Software, Software, Ryan Naraine
- Blog posts 2008-08-21
- DEFCON 16: List of tools and stuff released
- Guest editorial by Rob Fuller. DEFCON, the 9000+ attendee hacker conference in Vegas has become a sort of hydra conference. It has become more like a global fair than what most people think of conferences; even the badge is highly...
- Tags: Tool, E-mail Address, E-mail, Productivity, Online Communications, Ryan Naraine
- Blog posts 2008-08-18
- Ounce Labs finds 2 security vulnerabilities in Spring framework
- Code inspector Ounce Labs has identified two vulnerabilities in the open source Spring framework that expose their enterprise applications to would-be hackers and hijackers. The two issues, ModelView Injection and Data Submission to Non-Editable Fields, affect only the MVC module of the Spring framework, which is used to...
- Tags: Vulnerability, XSS, Framework, Ounce Labs, Spring, Security, Operational Planning, Databases, Business Operations, Enterprise Software, Software, Data Management, Paula Rooney
- Blog posts 2008-07-16