A potentially dangerous XSS vulnerability has existed in eBay for more than a year and it doesn’t appear the company is a rush to fix the issue.
Tag Archives: Vulnerabilities
OpenSSL Past, Present and Future
Heartbleed made the world notice what kind of shape OpenSSL development was in from a financial and resources standpoint. In the year since, the project has been funded enough to hire full-time engineers and a crucial refactoring of the codebase has the project in the right direction.
WordPress Patches Zero-Day Vulnerability
WordPress quickly turned around a patch for a stored cross-site scripting zero-day vulnerability in the CMS’ core engine.
Details on WordPress Zero Day Disclosed
A Finnish researcher has disclosed details on an unpatched stored cross-site scripting vulnerability in the WordPress core engine.
Second Crypto Bug in Networking Library Could Affect 25,000 Apps
A few weeks after the developers of the AFNetworking library that’s popular among iOS and OS X app developers patched a serious bug in the library that enabled man-in-the-middle attacks, another, similar flaw has surfaced. The new vulnerability is related to how the AFNetworking library handles domain name validation for certificates. As it turns out, the library […]
Siemens Patches Ghost Flaw Simatic Product
Siemens has released an update for some of its ICS products that are affected but the glibc Ghost vulnerability that was disclosed in January. The vulnerability affected both the Siemens Sinumerik and Simatic HMI Basic applications, which are used in a variety of industrial situations. “The affected products, SINUMERIK, SIMATIC HMI Basic, and Ruggedcom, are used as an […]
Google Provides Detailed Analysis of GitHub Attack Traffic
The high-profile DDoS attack against GitHub that went on for several days last month was the end result of an operation that included several phases and extensive testing and optimization by the attackers. Researchers at Google analyzed the attack traffic over several weeks and found that the attackers used both Javascript replacement and HTML injections. […]
Active Defense Can Give Pause to Threats
Enterprises can use existing networking tools to put up internal barriers against hackers in order to frustrate them on to other targets.
Bypassing OS X Security Tools is Trivial, Researcher Says
SAN FRANCISCO–For years, Apple has enjoyed a pretty good reputation among users for the security of its products. That halo has been enhanced by the addition of new security features such as Gatekeeper and XProtect to OS X recently, but one researcher said that all of those protections are simple to bypass and gaining persistence […]
‘Fully Secure Systems Don’t Exist’
SAN FRANCISCO–The more things change, the more they stay the same. Thirty years ago, Adi Shamir, one of the inventors of the RSA algorithm, was asked to do a keynote speech at a conference and spoke about his laws of computer security. They were a set of principles that he developed over the years relating […]