Feeds
13607 items (0 unread) in 75 feeds
-
Watchfire Application Security Insider
-
BlogSecurity
-
sirdarckcat
-
Google Online Security Blog
-
CGISecurity.com: Your Web Site and Application Security Resource
-
Switch/Twitch
-
mybeNi websecurity
-
cat slave diary
-
SecuriTeam Blogs
-
Curiouser and Curiouser
-
Alex's Corner
-
Billy (BK) Rios
-
Chris Shiflett
-
christian's weblog
-
funkatron.com
-
GNUCITIZEN
-
The Spanner
-
hackademix.net
-
Ruby on Rails Security Project
-
It's a shampoo world anyway
-
Web Security Blog
-
ha.ckers.org web application security lab
-
Yet Another Infosec Blog
-
PHP Security Blog
-
Security Thoughts
-
Sunnet Beskerming Security Advisories
-
Disenchant's Blog
-
Sylvan von Stuppe
-
Larholm.com
-
The Turkey Curse
-
Jeremiah Grossman
-
Anurag Agarwal - Application Security Evangelist
-
Ivan Ristic
-
deep inside | security & tools
-
omg.wtf.bbq.
-
BlueHat Security Briefings
-
Tactical Web Application Security
-
.:Computer Defense:.
-
tssci security
-
Plynt Penetration Testing Blog
-
Michael Howard's Web Log
-
Security Retentive
-
BindShell.Net
-
Dominic White's .tHE pRODUCT
-
SecurityFocus News
-
Justice League
-
Schneier on Security
-
Rational Survivability
-
terminal23
-
1 Raindrop
-
hiredhacker.com
-
Matasano Chargen
-
-
Michael on Security - Musings on Information Security
-
Fortify blog
-
The Art of Software Security Assessment
-
GDS Security Blog
-
Vodun.org
-
Robert Penz Blog
-
Mark Curphey - SecurityBuddha.com
-
Liminal states
-
Security Ripcord
-
ModSecurity Blog
-
IBM Internet Security Systems Frequency X Blog
-
Suspekt...
-
extern blog SensePost;
-
Zero in a bit
BlogSecurity
-
Are Political Blogs More Likely to Get Hacked?
Posted: January 26th, 2009, 6:14pm CST by DK
Tags: Reflections [edit]
A website defacement is an attack on a website that changes the visual appearance of the site. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own. - wikipedia Web site defacements stretch back to the birth of the Internet and continue [...] -
Old WP-Forum Vulnerability Gets Disclosed
Posted: January 26th, 2009, 6:14pm CST by DK
Tags: Advisories [edit]
An vulnerability for Fredrik Fahlstad’s WP-Forum Plugin has been made public on milw0rm. The exploit appears to affect an older version (1.7.8) of the popular WordPress plugin. The plugins homepage is already on version 2.2. This means this vulnerability was probably discovered shortly after the initial version 1.7.4 vulnerability reported by BlogSecurity in early 2008. As [...] -
Twitter gets hacked with poor passwords
Posted: January 20th, 2009, 5:30am CST by DK
Tags: Articles [edit]
Last week wired reported Twitter users falling prey to a password brute force attack. Yes you read correctly, a password brute force attack. Wired: An 18-year-old hacker with a history of celebrity pranks has admitted to Monday’s hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama’s, and the official feed for Fox News. The hacker, who goes [...] -
DNS dot DDoS Attack targetting the Internet
Posted: January 20th, 2009, 4:47am CST by DK
Tags: Reflections [edit]
I was running tcpdump earlier this week when I noticed some odd entries queries to BlogSecurity’s DNS servers: $ sudo tcpdump port 53 10:35:29.560870 IP 69.50.142.110.50928 > blogsecurity.domain: 43135+ NS? . (17) 10:35:29.561302 IP blogsecurity.domain > 69.50.142.110.50928: 43135- 13/0/14 NS C.ROOT-SERVERS.NET.,[|domain] 10:35:31.037729 IP 76.9.16.171.10435 > blogsecurity.domain: 58781+ NS? . (17) 10:35:31.038201 IP blogsecurity.domain > 76.9.16.171.10435: 58781- [...] -
Server updates currently underway
Posted: January 18th, 2009, 10:17am CST by DK
Tags: News [edit]
Please note we are currently doing admin work on the server and DNS records. If you are unable to access the site at one point or another, please try again later. Thanks, BlogSec Team -
WordPress Security Predictions in 2009
Posted: January 15th, 2009, 4:36am CST by DK
Tags: News [edit]
Okay, deep breath, in 2008, we saw Cross-Site Scripting, SQL injection, SQL truncation, Cookie generation weaknesses, Directory Traversal, Arbitrary File Uploads and Cross Site Request Forgery attacks, to name a few? A mouth full but it made for a very interesting 2008 case study of security developments in a popular open source PHP application. The WordPress core [...] -
WordPress
Posted: January 8th, 2009, 8:35am CST by DK
Tags: Advisories [edit]
Jeremias Reith has published the advisory to Bugtraq which includes a proof of concept exploit that may allow an unauthenticated attacker access to your blog. Product affected: WordPress Version(s):