Channel: Mark Baldwin – InfosecStuff
Browsing latest articles
Browse All 24 View Live

Home Depot Website Hack

It is interesting how a minor home improvement project can result in the discovery of a hack on a major retail website.  It all started with a simple Google search for “home depot stair spindles”. The...

InfosecStuff Website Redesign

If you have ever visited InfosecStuff before, then you probably have noticed that the site has changed dramatically.  This overhaul was long overdue and has been months in the making.  This is one...

OpenX CSRF Vulnerability Being Actively Exploited

OpenX is one of the most popular banner advertising platforms on the web. OpenX Enterprise is a SaaS product, but they also provide the OpenX Source product for free to those who wish to host their own...

New PHP Bug Allows Remote Code Execution

A new vulnerability has been discovered in PHP that allows attackers to compromise websites that use this popular scripting language. The vulnerability only works when PHP is run in CGI mode, but it is...

OpenX Releases Patch for CSRF Vulnerability

OpenX released a patch for the CSRF vulnerability I wrote about on April 29th. As is typical of their security announcements, there are very few technical details, or even specifics about what the...

Microsoft RDP Vulnerability Wormable (MS12-036)

Yesterday Microsoft released their June 2012 security bulletin with a total of 7 advisories. Three of these are rated as critical and one in particular appears to be the type of vulnerability that...

Companies go on the Offensive

A recent Reuters report claims that some companies are retaliating against hackers who target their systems. Tired of simply trying to keep the attackers at bay, these businesses apparently believe...

Java 7 Zero Day Vulnerability

Earlier this week infosec researcher Esteban Guillardoy unveiled details of an unpatched vulnerability for Oracle’s Java 7 software. This vulnerability is being actively exploited in the wild and has...

Webapp Scanner Review: Acunetix Versus Netsparker

In the past, small businesses and independent consultants had to rely on freely available tools to aid in their security assessments of web applications due to the cost of commercial scanners.  Tools...

GDPR is Coming. Is Your Organization Ready?

On May 25th of 2018, the General Data Protection Regulation (GDPR) goes into effect. This is a law passed in 2016 by the member states of the European Union that requires compliance with regard to how...
