Category: General Security
10/20/09
An Intro to Cross-Site Scripting (XSS)
A recent conversation with a customer revealed the fact that many auditors and web server admins do not understand the basics of Cross Site Scripting attacks. Cross Site scripting attacks (commonly represented with XSS as CSS = Cascading Style Sheets) a… more »
09/25/09
ASA 8.2 Dynamic Botnet Filtering
ASA 8.2 includes several new features including Dynamic Filtering. Dynamic Filtering detects outbound traffic from the internal network to known malicious destinations. The feature uses the Cisco SIO (Security Intelligence Operations) threat data also… more »
09/22/09
Hijacking Software Updates with EvilUpgrade
Infobyte has released a tool called EvilUpgrade which can hijack legitimate software updates when used in conjunction with ARP spoofing, DNS Cache poisoning, DHCP spoofing, or other attacks.
From the victim's system, the process looks and feels like a… more »
09/15/09
Compromised nGinx Servers Used to Distribute Malware
As discussed in previous blog entries, nGinx is a favorite web server for malware authors including Conficker and Storm. H-Online is reporting that nGinx servers have been compromised and used along with a dynamic DNS service to distribute malware.
T… more »
08/20/09
Shodan Computer Search Engine
This is an interesting concept - a search engine that will find computers/routers. Search criteria includes geographic location, specific software (Apache, ProFTP), and more.
Registration and use is currently limited and requires approval.
http://… more »
XML Feeds©2010 by Priveon, Inc.