Facebook vulnerable to XSS. Over 70 million users are at risk.

Written by DP

Thursday, 22 May 2008

Mox has submitted a critical cross-site scripting vulnerability affecting Facebook.com, which according to Alexa is currently ranked the 7th most used site on the web.



Barclays XSS vulnerability comes in handy for scammers and blackhat hackers

Written by DP

Sunday, 11 May 2008

Bank websites that are vulnerable to cross-site scripting are critically susceptible to fraud, and that is a well-documented fact! Strict case management and monitoring of security vulnerabilities should have prevented 100% of site-specific vulnerabilities. Barclays is one of the largest UK banks and a golden target for scammers hunting the pound notes. In this case, exploiting trust is an easy game to play for phishers and blackhat hackers.



Hacker Safe or not? Read on, watch the video and vote now!

Written by DP

Monday, 28 April 2008

Russ McRee has again brought up his concerns about the Hacker Safe issue with his latest blog post titled "Still not Hacker Safe, roll the video". Kevin and I are also annoyed by the fact that McAfee's ScanAlert service is, as Russ pointed out, more like fraudulent marketing fluff than a worthy expense for websites. What do YOU think?



Google Groups vulnerable to cross-site scripting

Written by DP

Sunday, 27 April 2008

mox has discovered a critical XSS (script insertion) vulnerability in Google Groups.



Barack Obama's official site hacked

Written by DP

Friday, 18 April 2008

mox has just submitted a critical script insertion vulnerability affecting my.barackobama.com - Barack Obama's official social networking site for his supporters.



Symantec Internet Security Threat Report (ISTR Volume XIII) highlights

Written by DP

Tuesday, 15 April 2008

On April 8th, Symantec released its most recent, and very interesting, Internet Security Threat Report (ISTR Volume XIII). Concerning the metric for site-specific XSS vulnerabilities, the data is provided by us and is limited to the XSS issues that security researchers submit to the archive.




 

