Critical XSS and directory traversal flaws on Ebay.co.uk website

Written by DP

Friday, 3 April 2009

A security researcher who goes by the nickname "methodman" today reported a few critical security vulnerabilities affecting Ebay.co.uk. Earlier, he alerted Ebay staff about the issue, but didn't get any response...



Critical Memova-based webmail vulnerability put at risk more than 40 million webmail accounts

Written by DP

Sunday, 29 March 2009

Independent security researchers Rosario Valotta and Matteo Carli have discovered a critical security vulnerability impacting all worldwide webmail applications based on the Memova framework (developed by Critical Path).



New critical XSS on Facebook fixed in record time due to ethical disclosure

Written by Pierre Gardenat and Dimitris Pagkalos

Wednesday, 25 February 2009

Security researcher Pierre Gardenat is preparing a paper for SSTIC 09 (http://www.sstic.org/SSTIC09/info.do - Rennes, 3, 4 and 5 June 2009) on the evolution of XSS threats. Since large social networks like Facebook can become powerful attack vectors, it was interesting to see whether some of these networks were vulnerable to permanent XSS attacks, which would make the spread of XSS worms possible.



Google Sites Reflective Cross-Site Scripting

Written by Kevin Fernandez

Friday, 30 January 2009

Get it while it's hot! Pierre Gardenat submitted a very interesting reflective cross-site scripting vulnerability affecting the login page of Google Sites.



Myspace.com hit by a Permanent XSS

Written by Kevin Fernandez

Wednesday, 28 January 2009

Daniel Lo Nigro has discovered a trick to bypass the Myspace filters and insert a script on a Myspace band profile.



FBI.gov xssed!

Written by Kevin Fernandez

Friday, 9 January 2009

OK, it is not the first time, but they had fixed them all. It will probably be the third or fourth time they try to address this damn CGI! Here is the XSS that Babaconda submitted to us (works only in Internet Explorer).


