CGISecurity - Website and Application Security Newstag:typepad.com,2003:weblog-16948542009-01-07T09:44:57-08:00All things related to website, database, SDL, and application security since 2000.
CGISecuritySacked Croydon hacker spied on former colleagues' e-mailstag:typepad.com,2003:post-610018342009-01-07T09:44:57-08:002009-01-07T09:45:07-08:00"An IT expert sacked for lying on his CV hacked into his company's computer system to spy on his former colleagues - and deleted vital information which led to the loss of jobs. Julius Oladiran, 46, was dismissed from after his employers discovered his boasts of a master's degree, and top...Roberthttp://www.cgisecurity.net/2009/01/sacked-croydon-hacker-spied-on-former-colleagues-emails.htmlTwitter hacked via weak passwords to admin systemtag:typepad.com,2003:post-609985762009-01-07T08:38:22-08:002009-01-07T08:39:15-08:00"A teenage hacker, known in the digital underground as GMZ, claims he obtained access to the micro-blogging site’s admin controls using a brute force dictionary attack. After guessing the login identity of an administrator, in part based on the large number of people she followed, GMZ ran an automated password guessing...Roberthttp://www.cgisecurity.net/2009/01/twitter-hacked-via-weak-passwords-to-admin-system.htmlCheckFree warns 5 million customers after DNS hacktag:typepad.com,2003:post-609711722009-01-06T17:52:53-08:002009-01-06T17:53:32-08:00"Tolley wouldn't say what banks were affected by the hack, but the majority of these five million customers were CheckFree's own users, she said. In total, about 42 million customers access CheckFree's bill payment site, she said. Customers who went to CheckFree's Web sites between 12:35 a.m. and 10:10 a.m. on...Roberthttp://www.cgisecurity.net/2009/01/checkfree-warns-5-million-customers-after-dns-hack.htmlBuilding a Web Application Security Program, Part 8: Putting It All Together tag:typepad.com,2003:post-609618622009-01-06T13:35:11-08:002009-01-06T13:35:18-08:00"Whew! This is our final post in this series on Building a Web Application Security Program (Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7), and it’s time to put all the pieces together. Here are our guidelines for designing a program that meets the needs...Roberthttp://www.cgisecurity.net/2009/01/building-a-web-application-security-program-part-8-putting-it-all-together-.htmlHackers Post Faked Report of Steve Jobs's Deathtag:typepad.com,2003:post-609541042009-01-06T11:18:27-08:002009-01-06T11:18:33-08:00"MacRumors, one of the many sites which cover Apple's annual Macworld product launches, has had its live coverage infiltrated, with someone adding the false news of Steve Jobs's death to the blow-by-blow reports."Here's the very amusing screenshot of the incident.http://cache.gawker.com/assets/images/gawker/2009/01/macrumorshacked.jpgRead more: http://valleywag.gawker.com/5124580/hackers-post-faked-report-of-steve-jobss-deathRoberthttp://www.cgisecurity.net/2009/01/hackers-post-faked-report-of-steve-jobss-death.htmlPak hackers plan attack on Indian cyber networks: Inteltag:typepad.com,2003:post-609515082009-01-06T10:21:50-08:002009-01-06T10:21:54-08:00"After the Mumbai terror strikes, anti-India elements in Pakistan are now planning an attack on Indian computer networks, intelligence agencies have warned. Already Pakistani hackers are trying out a dry run against Indian networks through popular websites registered there after the Mumbai terror strikes, Home Ministry sources told PTI here today....Roberthttp://www.cgisecurity.net/2009/01/pakistan-hackers-plan-attack-on-indian-cyber-networks-intel.htmlPaper: Security Assessment of the Internet Protocoltag:typepad.com,2003:post-609488562009-01-06T09:28:36-08:002009-01-06T10:16:11-08:00The following was sent to the Full Disclosure mailing list last yesterday."In August 2008 the UK CPNI (United Kingdom's Centre for the Protection ofNational Infrastructure) published the document "Security Assessment of theInternet Protocol". The motivation of the aforementioned document isexplained in the Preface of the document itself. (The paper is availableat:...Roberthttp://www.cgisecurity.net/2009/01/paper-security-assessment-of-the-internet-protocol.htmlIsrael hacks Arab TV stationtag:typepad.com,2003:post-609482462009-01-06T09:22:58-08:002009-01-06T09:22:58-08:00"Israeli military forces have reportedly hacked into a Hamas-run TV station to broadcast propaganda. The hijack of the Al-Aqsa television station last weekend represents the latest phase in a war in cyberspace that has accompanied the ongoing conflict in Gaza. Al-Aqsa is known for featuring allegedly antisemitic childrens' cartoons as part...Roberthttp://www.cgisecurity.net/2009/01/israel-hacks-arab-tv-station.htmlTwitter Security Collapses; Obama, Fox and Britney Accounts Hackedtag:typepad.com,2003:post-608964442009-01-05T10:04:41-08:002009-01-06T09:19:37-08:00From Twitter's blog"The issue with these 33 accounts is different from the Phishing scam aimed at Twitter users this weekend. These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the email address associated with their...Roberthttp://www.cgisecurity.net/2009/01/twitter-security-collapses-obama-fox-and-britney-accounts-hacked.htmlSecurity: The Number One Technology Failure of All Timetag:typepad.com,2003:post-608698302009-01-04T19:45:07-08:002009-01-04T19:45:09-08:00"I was reading through an article last night about the 25 greatest blunders in technology history and was happily strolling through memory lane (what are Palm Pilots, PS/2s and Apple Newtons anyways? :p) and then got quite a surprise at the very end of the article. The number one technology failure...Roberthttp://www.cgisecurity.net/2009/01/security-the-number-one-technology-failure-of-all-time.html