PayPal XSS vulnerability affects EV SSL

Friday, May 16th, 2008

A new attack on PayPal could have allowed users who thought they were on a trusted page to access a fraudulent page and possibly expose personal information. On Friday, Finnish researcher Harry Sintonen reported the vulnerability on an IRC chat room. In an interview with Netcraft, Sintonen said the issue was ...

Posted in Internet, Privacy, Security | No Comments

browserrecon – Passive Browser Fingerprinting

Wednesday, May 14th, 2008

Most of todays tools for fingerprinting are focusing on server-side services. Well-known and widely-accepted implementations of such utilities are available for http web services, smtp mail server, ftp servers and even telnet daemons. Of course, many attack scenarios are focusing on server-side attacks. Client-based attacks, especially targeting web clients, are becoming ...

Posted in Internet, Privacy, Security, Software | No Comments

New versions of fgdump and pwdump released

Tuesday, April 29th, 2008

The latest versions of fgdump and pwdump have been released by the foofus.net team. Looks like the most important change is that both tools support 64-bit targets. Here is the official announcement: "The foofus.net team is pleased to announce updates to both fgdump (2.0.0) and pwdump (1.7.1), which incorporate a number ...

Posted in Coding, Linux, Privacy, Security | 1 Comment

WordPress 2.5 Cookie Forging Explained

Saturday, April 26th, 2008

WordPress 2.5.1 came out recently. It includes a critical security fix for a cookie integrity bug that would allow an attacker to impersonate other users, including WordPress admins, by manipulating the contents of an HTTP cookie. Whenever I read about a vulnerability predicated on the user identity being embedded ...

Posted in Coding, Internet, Privacy, Security, Software | 1 Comment

Opera boosts its anti-phishing defenses

Friday, April 25th, 2008

Opera 9.5 Beta 2 has stepped up its security game. The browser has added fraud protection and support for EV SSL (Extended Validation Secure Sockets Layer) certificates to help prevent identity theft. Opera’s move to join the EV SSL crowd leaves Safari as the only browser without anti-phishing protection. As you ...

Posted in Internet, Software | No Comments

Copyright 2008-2024 PC Sympathy - Entries (RSS) - Sitemap