Don’t Be Held For Ransom with Ransomware

In her 5 December article in The New York Times, “For PC Virus Victims, Pay or Else,” cybersecurity reporter Nicole Perlroth discusses the growing threat of ransomware in the USA. Ransomware is a type of malware that takes your computer hostage, freezing it until you pay up. How does this Web kidnapping work exactly? Ms. […]


An Unhappy New Year – Security Researcher Discloses New Batch of MySQL Vulnerabilities

Earlier this month, on the Security Week website, Steve Ragan published an article about a security researcher who posted several vulnerabilities to the Full Disclosure mailing list – seven of these are MySQL vulnerabilities. The complete list of vulnerabilities is available here. CVE assignments have been issued for five of these vulnerabilities. The researchers who […]


Have a Merry WordPress 3.5 Christmas! Make it Last All Year with Acunetix

The folks over at WordPress released WordPress 3.5 on 11 December. A veritable Christmas present for bloggers and developers, WordPress 3.5 is chock full of new features and improvements. The most dramatic improvement is a re-imagined flow for uploading photos and creating galleries. WordPress 3.5 also includes a new default theme, Twenty Twelve, which WordPress describes as […]


WordPress Pingback Vulnerability

Recently somebody posted on Reddit about a WordPress scanner that is taking advantage of a new WordPress vulnerability. The vulnerability is abusing the Pingback system, which is a well-known feature that’s used by a lot of bloggers. What is a Pingback? Quoting Wikipedia: A pingback is one of three types of linkbacks, methods for Web […]


Inside the Mind of a Web Miscreant

We hear about “hackers” and “bad guys” on the internet all the time, but why do they do it? Without delving deeply into criminal psychology, they simply do it because they can. They often do it to promote a political cause or to make money. They do it to make others look bad and to […]


Finding Web Flaws is not Point and Click

Successful web security testing is not as simple as point and click. Unfortunately, many people treat it as such. The thought process goes something like this: 1. Load web vulnerability scanner. 2. Enter URL to scan. 3. Click Go. 4. Generate report for the auditors. 5. Be done with it until next month. Don’t get […]


2012 – The Year Hacking Became a Political Weapon

On 30 November Reuters reported that Anonymous will shut down Syrian government websites worldwide to fight the government’s countrywide Internet blackout, which many believe was put into effect to silence opposition to President Bashar al-Assad. According to Martin Chulov of The Guardian, in his 29 November article, “Syria shuts off internet access across the country,” […]
