Back for the last entry of 2009, here are the latest updates in the security world: Aweber announces its own incursion into its site, unnumbered amount of email addresses pilfered. AWeber was recently the victim of an intentional attack to mine email addresses. We’d like…
Author Archives Acunetix
THE AUTHOR
Acunetix
A Malicious Website Hacker Attacks – CitiGroup Denies Knowledge
While I try and not to be so graphic with my comments, I can’t help but feel CSI-esque lately with all of these website hacker attacks. So here we go again. This time, its CITI. Just reported today by marketwatch.com, Citigroups stock sank significantly based…
Acunetix WVS Version 6.5 build 20100111 released
An updated build of Acunetix WVS Version 6.5 has been released with a number of new security checks and bug fixes. New security checks: Test for File Upload IIS bug filename.asp;.jpg Test for WP-Forum 2.3 vulnerabilities JBoss rmi ping (network script) Bug Fixes: Bugfix: Modified…
Rockyou gets rocked by hackers and old exploit
Well, it has happened. This time, the users themselves have taken action against rockyou.com for their inadvertent disclosure of customer information. Hacker activity has meant Rockyou disclosed what looks like over 32,000,000 accounts. Yes, 32 Million! What is interesting about this case, for me anyways,…
An In-Depth Look at SQL Injection
SQL injection attacks are one of the most common techniques hackers use to access secure information from web servers to carry out illegitimate activities. This hacking technique also demonstrates how vulnerable systems are on not just the insecure ports and other firewall protected fronts, but…
Acunetix WVS Version 6.5 build 20091215 released
An updated build for Acunetix WVS Version 6.5 has been released with a number of improvements, bug fixes, and a number of new security checks. New security checks: JBoss BSHDeployer MBean JBoss checks from RedTeam’s paper JBoss HttpAdaptor JMXInvokerServlet JBoss Server MBean JBoss ServerInfo MBean…
Acunetix WVS Version 6.5 build 20091124 released
An updated build for Acunetix WVS Version 6.5 has been released with a number of improvements, bug fixes, and most important of all, a good number of new security checks. New: New security checks of AcuSensor Technology curl_exec() url is controlled by user PHP preg_replace…
US Air Force uses Acunetix WVS to identify and mitigate web application vulnerabilities
The US Air Force’s mission is to fly, fight and win… in air, space and Cyberspace. US Air Force has an elite force defending people from millions of cyber attacks every day in their newest battlefield; Cyberspace. In a battle field, you’re always a target,…
Looking back at 2009 through SQL Injection goggles
The earliest public mention I could find of SQL Injection (‘piggybacking SQL statements’ as the author put it) was from someone who called himself Rain Forest Puppy (RFP). In 1998 RFP wrote an article for Phrack Magazine (Volume 9, Issue 54) in which he talks…