Template:Application Security News

From OWASP
Revision as of 20:26, 16 June 2006 by Jeff Williams (talk | contribs)

Jun 16 - For goodness sakes, don't click on links in email
A pretty complete writeup about the exploit of an XSS flaw in PayPal - "The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS). When the victim visits the page, they are presented with a message that has been 'injected' onto the genuine PayPal site that says, "Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center." After a short pause, the victim is then redirected to an external server, which presents a fake PayPal Member log-In page."
Jun 16 - When developers go bad...
The unbelievable story of what a disgruntled developer can do - "2,000 of the company's servers went down, leaving about 17,000 brokers across the country unable to make trades. Nearly 400 branch offices were affected. Files were deleted. Backups went down within minutes of being run. The system was offline for more than a day, and UBS PaineWebber -- which was renamed UBS Wealth Management USA in 2003 -- spent about $3.1 million in assessing and restoring the network. Executives at the company haven't reported how much was lost in business downtime...The agent executed a warrant on March 21, 2002, and allegedly found hard copy of the logic bomb's source code on the defendant's bedroom dresser. The Secret Service also allegedly found the source code on two of his four home computers."
Jun 15 - SCOMP, STOP, Tmach, Gemsos, MVS, VMS, Trusted Solaris, and OpenBSD seriously put out
"Microsoft senior vice president Bob Muglia opened up TechEd 2006 in Boston Sunday evening by proclaiming that Windows Vista was the most secure operating system in the industry...Windows Vista is the first operating system from Microsoft to be built from the ground up using the SDL development model. Every bit of code is scrutinized for Common Criteria Certification and security compliance checkpoints must be met along the way."
Jun 14 - Why I hate frameworks
"According to our research, what people really needed wasn't a Universal Hammer after all. It's always better to have the right kind of hammer for the job. So, we started selling hammer factories, capable of producing whatever kind of hammers you might be interested in using. All you need to do is staff the hammer factory with workers, activate the machinery, buy the raw materials, pay the utility bills, and PRESTO...you'll have *exactly* the kind of hammer you need in no time flat."