A few days ago PayPal announced that they will be supporting Mobile Access for the PayPal Security Key. This means that to log into their accounts, PayPal users receive a 6 digit security code via a text message. This feature obviously adds an extra layer…
Monthly Archives: November 2008
AcuSensor Technology in action; finding backdoors in web applications
On March 2, 2007 the following was posted on the WordPress blog: Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your…
How XSS can lead to a Windows Domain compromise
Many times internal web applications are excluded from the scrutinity that external ones are subjected to. It is often assumed that attackers are on the external side of the network and therefore do not have access to any internal resources. In turn this usually leads…
Acunetix WVS Scripting reference available
With Acunetix WVS version 6, Acunetix introduced a Port Scanner and Network Alerts. When scanning a website, a port scan against the web server can be launched (optional) and once open ports are found specific network security tests are launched against the network service running…
SQL Injection in Mambo found with Acunetix AcuSensor Technology
This post shows how with Acunetix AcuSensor Technology improves scanning reliability by using sensors placed inside the web application being scanned. It also proves that with this technology, one can detect SQL injections in INSERT statements. Such vulnerabilities cannot be found using a typical web…
Facebook Worm on the Loose
A worm abusing Facebook‘s messaging system is making rounds between friends. It consists of an executable worm known as Koobface that runs on the victim’s computer and searches for Facebook cookies on his or her computer. It will then use these cookies to hijack an…