XSS in Engadget’s New Site
I’m noticing a trend of sites patching the more obvious cross-site scripting vectors, such as search fields, but ignoring parameters in secondary pages, such as Ajax interfaces. Several applications in...
Secure Your WordPress By Learning From My Mistakes
Several weeks ago, I managed to create a small ruckus on Twitter by issuing a warning about a possible WordPress vulnerability. I was rather embarrassed to eventually discover that the actual problem...
Security Through Obscurity and Privacy in Practice
Yesterday, security researcher Ron Bowes published a 2.8GB database of information collected from public Facebook pages. These pages list all users whose privacy settings enable a public search listing...
Instant Personalization Program Gets New Partner, Security Issue
Facebook announced last week that movie information site Rotten Tomatoes would join Docs.com, Pandora, and Yelp as a partner in the social networking service’s “instant personalization” program. Rotten...
Looking at Facebook’s Strategy and Possible New Directions
Over the last few months, Facebook has rolled out several significant new features, such as Places and the updated Groups. On Monday, Facebook is holding another event to announce what many expect to...
Real-Life Examples of Cross-Subdomain Issues
About two weeks ago, security researcher Mike Bailey posted a paper on cookie attacks via subdomains (hat tip: Jeremiah Grossman). I’ve seen several stories since then dealing with various subdomain...