Web Security

"web security" was found on:

Webpages that are tagged with web security:
  • Digg / Firstdigg / History / Submissions - Http://Digg.Com/Users/Firstdigg/News/Submitted
  • Digg / firstdigg / History / Submissions. FirstDigg: a 27 year-old male who joined Digg on November 11th, 2007. Showing submissions in all sections:
      189 Adobe ships Flash Player 10 and Creative Suite 4 (Submitted in News on 10/15/2008)
      784 Quicken Online is Finally Free - Manage Your Finances Online (Submitted in News on 10/14/2008)
      482 Step-on scanner removes need to take off shoes at airports (Submitted in News on 10/12/2008)
      279 Extra Life. Play Games. Heal Kids. All Day Sat Oct 18th 2008 (Submitted in News on 10/05/2008)
      556 The Telescope: 400 Years and Counting (Submitted in News on 10/02/2008)
      913 Visual Studio 2010 to come with airline like 'black box' (Submitted in News on 09/29/2008)
      226 Sarah Palin - I'm F'ng Matt Damon (Submitted in Videos on 09/12/2008)
      251 Get Paid To Drive To Work By Being a Taxi? (new iPhones app) (Submitted in News on 09/09/2008)
      260 Turn 404 Pages Into Search Results & Suggestions from Google (Submitted in News on 08/31/2008)
      288 Clothes Shopping to be Quicker & Easier with Magic Mirrors (Submitted in News on 08/27/2008)
      1541 ‘Forgot your password?’ may be weakest link in web security (Submitted in News on 08/26/2008)
      259 Newegg.com No Longer Collecting New York Sales Tax! (Submitted in News on 08/22/2008)
      816 Personal Genome Project Could Unlock the Mysteries of Life (Submitted in News on 07/27/2008)
      1387 Happy SysAdmin Day! (Friday July 25 2008) (Submitted in News on 07/25/2008)
      286 High School Math is Cool When Applied to Digg & Census Data (Submitted in News on 07/22/2008)
      756 Reiser Shows Police Location Of Wife's Body (Submitted in News on 07/08/2008)
      438 Universe Sandbox - 3D Interactive Universe Simulator (Submitted in News on 07/04/2008)
      1123 Super Mario Marathon Raises over $11,100 for Child's Play (Submitted in News on 06/30/2008)
      541 Google Tries Tighter Aim for Web Ads -- Knows What You Want (Submitted in News on 06/27/2008)
      866 Turn Your iPod into Pandora with Instinctiv (Submitted in News on 06/26/2008)
  • McAfee SiteAdvisor Blog - Http://Blog.Siteadvisor.Com/
  • McAfee SiteAdvisor Blog: What we're doing, where we're going and what we've found when it comes to Web safety.

    December 11, 2008: Upgrading your SiteAdvisor software with Secure Search (posted by Shane Keats at 01:43 PM)

    We’ve got some big enhancements to the McAfee® SiteAdvisor® software to share with you today.

    Secure Search
    McAfee SiteAdvisor technology with Secure Search allows users to block and filter malicious Web sites from search results, provides a Secure Search Box for simplified security and integrates McAfee SECURE™ trustmarks throughout the consumer Web experience. Together, these Secure Search features extend McAfee’s commitment to making it easier than ever for consumers to enjoy comprehensive Web Security. The upgrade is free and is available immediately for new and existing users.

    Secure Search Box
    Secure Search is centered on the new Secure Search Box. Now, wherever you are on the Web, you can search more securely without first having to navigate to a search engine page. The search box can be toggled on and off via the settings menu.

    Risky Site Filtering
    The Secure Search Box also offers you the ability to filter and block red-rated risky sites from your search results. That greyed out link means it’s not clickable unless you change your settings. This feature goes beyond the safety guidance offered by the standard settings and delivers active protection. It’s great for families with children, or for computers that are shared with less experienced, novice Web users.

    Yahoo! Toolbar
    Many of you will also see an option to download and install the popular Yahoo! Toolbar, integrated with our Secure Search features! When you download the toolbar and do your searches through the Yahoo! search box, you get three benefits: great Yahoo! search results that get you straight to your answers by predicting what you’re searching for and offering instant suggestions as you type, our safety annotations, and risky site filtering. In addition, after you set it up with your favorite bookmarks, the Yahoo! Toolbar gives you one-click access to the sites you care about most, both on and off Yahoo! The integrated Yahoo toolbar is only available to our IE users at this time.

    Safer Shopping with verified McAfee SECURE sites
    We’d also like to call your attention to something you may not have noticed. This summer, we began displaying the McAfee SECURE™ trustmark on sites that have passed rigorous daily testing by the McAfee SECURE service. What does this mean for you? Your personal information is safer with participating McAfee SECURE vendors! That’s because daily scanning for known threats can help prevent Web sites from falling prey to many forms of hacker crime. Only sites that pass the McAfee SECURE program of daily testing and maintain their overall Green rating from SiteAdvisor technology testing can display the trustmark.

    McAfee SECURE shopping Portal
    When you get a chance, be sure to check out McAfee SECURE shopping, a convenient one-stop-shop with more than 1,500 well known e-commerce sites, all of which earn the right to display the McAfee SECURE trustmark. This is a safer online experience whether you’re surfing, searching or shopping.

    Your feedback
    Have a comment or suggestion? We're listening here.

    May 20, 2008: Hey. How come Yahoo! search looks different today? (posted by Shane Keats at 10:04 AM)

    For millions of Yahoo! users, their search experience is now a little different. Alongside their regular Yahoo! search results, they may encounter a new piece of information – the site’s risk rating! We recently announced that McAfee and Yahoo! have partnered to launch Yahoo! SearchScan Beta Powered by McAfee, the Web’s first search engine to incorporate such site safety ratings.

    What’s under the hood?
    Under this beta launch, Yahoo! users in the US, Canada, UK, France, Italy, Germany, Australia, New Zealand and Spain will experience much safer searching thanks to site safety ratings from SiteAdvisor, McAfee’s 5-star rated, award winning safe search tool. Yahoo! users will immediately benefit by avoiding Web sites that can result in spyware, spam and "browser exploits." SiteAdvisor users will now see two annotations when they search on Yahoo! – McAfee’s circle and Yahoo! SearchScan’s red triangle. The rating and additional information are the same.

    Yahoo! will remove all sites that McAfee has rated red (risky) for download and e-mail practices from sponsored results (the ones on the right and top of the page). In addition, Yahoo will remove all sites that test positive for malicious exploit or "drive-by" code, no matter where they appear on the page. Finally, Yahoo! will display alerts next to red-rated download or e-mail results in the organic part of the search page.

    For those Yahoo! users who are unfamiliar with SiteAdvisor, when they mouse over a red rating and click "more details" they’ll open a site profile providing the same in-depth information about the site’s test results that SiteAdvisor’s existing users have come to expect. The added safety will be "on" by default for all users of Yahoo!’s U.S. search portal. Under Yahoo!’s "Search preferences" consumers can easily turn off the new feature or decide to filter out all red results from search results.

    What’s Different?
    SearchScan uses almost all of our data – but not all of it. For example, the SiteAdvisor plug-in offers phishing protection. SearchScan does not. Why? Phishing sites are largely a "surfing" phenomenon. They almost never show up in search so it makes sense for Yahoo to work with the most common types of red for now. For another example, we use a pretty complex algorithm to mark sites red if they link to too many other risky sites. SearchScan is brand new to the Yahoo! community and they’re rightly focusing at first on threats that are easiest to understand – like downloads, spam and exploits.

    Taking SiteAdvisor wherever you search and surf
    If Yahoo!’s users enjoy this safer search environment, we hope they’ll consider adding the SiteAdvisor plug-in to their browser as well. This way, they can take that new layer of safety to the surfing experience. In fact, Yahoo!’s SearchScan Beta is not a replacement for SiteAdvisor. Our existing SiteAdvisor users will want to keep their plug-in installed so they can benefit while surfing and while searching on other engines.

    March 06, 2008: Microsoft OneCare incorrectly tagging SiteAdvisor; Solution in progress (posted by Shane Keats at 09:03 AM)

    Microsoft’s OneCare team issued an update on January 31, 2008 that resulted in SiteAdvisor users receiving a Microsoft warning message recommending that SiteAdvisor be removed due to interference with OneCare. SiteAdvisor doesn’t interfere with OneCare in any way; we communicated this to Microsoft and they’ve begun to resolve the issue. As of February 21st, new installations of OneCare will not message against SiteAdvisor. However, existing users of OneCare will continue to receive these messages until sometime in the spring, when Microsoft says it will fix OneCare installations made prior to February 21.

    Turns out that as a general rule, Microsoft recommends running only one security application at a time because of potential performance and "PC stability" issues. We explained to Microsoft that SiteAdvisor functionality is totally unrelated to OneCare. They agreed. Rest assured, there is no need to disable SiteAdvisor or OneCare. The two products co-exist nicely (aside from the pop-up!). Because OneCare doesn’t allow white listing of applications, affected consumers have limited options until all installations of OneCare are patched. Thanks for your patience during this time.

    December 06, 2007: Problems Accessing Gmail? (posted by Shane Keats at 11:36 AM)

    We’ve been hearing from some of our users that their systems are slowing to a crawl when trying to access Gmail. Ugh! It turns out Google’s November Gmail release included some fairly significant, and unexpected, changes that are affecting many SiteAdvisor users on the Internet Explorer 7 platform. The effect is unacceptably high CPU usage. We’re finishing a patch now that will go out to all our users the week of December 10. In the meantime, add google.com to SiteAdvisor’s Do Not Warn list and reopen the browser. Doing so will alleviate the issue. For step-by-step instructions, please visit McAfee's support center.

    September 18, 2007: Change to our privacy policy (posted by Shane Keats at 01:18 PM)

    In early September 2007, concurrent with SiteAdvisor build 2.5, we changed the privacy policy for SiteAdvisor participants in our optional Product Improvement Program (PIP). As you may know, the PIP allows us to keep anonymous statistics on how our software is performing so we are better able to improve it.

    Here's what's changed: Under the new privacy policy, we can now share these anonymous statistics with partners. Examples of these statistics would be the number of active SiteAdvisor users in a day, or the number of times users 'mouse over' SiteAdvisor's safe search ratings.

    Here's what hasn't changed: We do not collect any personally identifiable information from SiteAdvisor users, whether the user is in the PIP or not. The PIP remains purely optional and by default, SiteAdvisor users do not participate. Users who opt-in to the PIP can still leave at any time by clicking on the settings menu found on the McAfee SiteAdvisor logo.

    July 26, 2007: Mapping the Mal Web Report Forces Change (posted by Shane Keats at 11:24 AM)

    Back in March, we published Mapping the Mal Web, an in-depth look at country-level domains. Tokelau (.tk) was the riskiest overall, with 10.1% of all tested domains rated re
  • Google Doctype Google Code - Http://Code.Google.Com/Doctype/
  • Google Doctype - Google Code: Documenting the Open Web.

    Google Doctype is an open encyclopedia and reference library. Written by web developers, for web developers. It includes articles on web security, JavaScript DOM manipulation, CSS tips and tricks, and more. The reference section includes a growing library of test cases for checking cross-browser and cross-platform compatibility.

    Google Doctype is 100% open: open source, open content, open to contributions from anyone.

    How do I start?
      - Browse Google Doctype right now
      - Navigate through the table of contents and find a page that piques your interest
      - If you see a mistake or have something to add, log in with your Google account and click the "Edit" link on any page

    More information
      - Philosophy: what Google Doctype is (and isn't)
      - Licensing: industry-standard source and content licenses (no tricks, no traps)
      - Contributing: how to get involved

    Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 3.0 Unported License.
  • By : Yahoo! Tech - Http://News.Yahoo.Com/S/Pcworld/20080630/Tc Pcworld/147739
  • By : Yahoo! Tech - Http://News.Yahoo.Com/S/Afp/20080512/Tc Afp/Chileinternetcrime
  • Jeremiah Grossman - Http://Jeremiahgrossman.Blogspot.Com/
  • Jeremiah Grossman: A page about me to show up first on Google when searching for "Jeremiah". A page about me to show up first on Google and it FINALLY has!

    Tuesday, January 27, 2009: Some unanswered questions (posted by Jeremiah Grossman at 10:53 AM)

    In the Web security industry there is a consistent flow of current events, many of which lead to the asking of thoughtful questions. Frequently good thoughtful questions are not easy to answer, with no guarantee they’ll ever be answered satisfactorily. I like to collect these kinds of questions, gather as much relevant information as possible, talk to people in the know, and the results of which will eventually shape my opinions on the subject. Below are a couple of things that I’ve been tracking. Perhaps readers here might want to share their thoughts as well.

      - Do people trust QSAs who consider PCI-DSS 6.6 met if their organization only uses a network vulnerability scanner with a few web application security checks?
      - Do organizations with a more mature software security program tend to deploy Web Application Firewalls more often than those who don't?
      - As a result of economic downturn, what notable security projects are being cut from last year's budget?
      - Will Cross-Site Request Forgery security features be adopted through HTTP standardization, ad-hoc by Web browser vendors, or left solely up to website owners?
      - Will secure code purchasing standards lead to secure code?

    Monday, January 26, 2009: Calling all Researchers! Send in the Top Web Hacking Techniques of 2008 (posted by Jeremiah Grossman at 7:02 PM)

    It's time once again to create the Top Ten Web Hacking Techniques of the past year. Every year Web security produces a plethora of new and extremely clever hacking techniques (loosely defined, not specific incidents), many of which are published in hard to find locations. 2008 was no different. As we've done for the past two years, we're looking for the best of the best. This effort serves as a way to create a centralized community reference and recognize those exceptional researchers who have contributed to our collective knowledge.

    This year is special, because the researcher who places #1 will not only receive praise amongst his peers, but also receive one free pass to attend the BlackHat USA Briefings 2009! Over $1,000 (US) value. Generously sponsored by BlackHat. Winners will be chosen by a panel of judges (Rich Mogull, Chris Hoff, HD Moore, Jeff Forristal) on the basis of novelty, impact, and pervasiveness.

    We’re also going to need your help. Below we’re building the living list of everything found so far. If anything is missing, and we’re positive there is because last year had over 80, we’d appreciate it if you could post a comment containing the link. Thank you and good luck!

    The List
      - Cross-Site Printing
      - CUPS Detection
      - CSRFing the uTorrent plugin
      - Clickjacking / Videojacking
      - Bypassing URL Authentication and Authorization with HTTP Verb Tampering
      - I used to know what you watched, on YouTube (CSRF + Crossdomain.xml)
      - Safari Carpet Bomb
      - Flash clipboard Hijack
      - Flash Internet Explorer security model bug
      - Frame Injection Fun
      - Free MacWorld Platinum Pass? Yes in 2008!
      - Diminutive Worm, 161 byte Web Worm
      - SNMP XSS Attack (1)
      - Res Timing File Enumeration Without JavaScript in IE7.0
      - Stealing Basic Auth with Persistent XSS
      - Smuggling SMTP through open HTTP proxies
      - Collecting Lots of Free 'Micro-Deposits'
      - Using your browser URL history to estimate gender
      - Cross-site File Upload Attacks
      - Same Origin Bypassing Using Image Dimensions
      - HTTP Proxies Bypass Firewalls
      - Join a Religion Via CSRF
      - Cross-domain leaks of site logins via Authenticated CSS
      - JavaScript Global Namespace Pollution
      - GIFAR
      - HTML/CSS Injections - Primitive Malicious Code
      - Hacking Intranets Through Web Interfaces
      - Cookie Path Traversal
      - Racing to downgrade users to cookie-less authentication
      - MySQL and SQL Column Truncation Vulnerabilities
      - Building Subversive File Sharing With Client Side Applications
      - Firefox XML injection into parse of remote XML
      - Firefox cross-domain information theft (simple text strings, some CSV)
      - Firefox 2 and WebKit nightly cross-domain image theft
      - Browser's Ghost Busters
      - Exploiting XSS vulnerabilities on cookies
      - Breaking Google Gears' Cross-Origin Communication Model
      - Flash Parameter Injection
      - Cross Environment Hopping
      - Exploiting Logged Out XSS Vulnerabilities
      - Exploiting CSRF Protected XSS
      - ActiveX Repurposing, (1, 2)
      - Tunneling tcp over http over sql-injection
      - Arbitrary TCP over uploaded pages
      - Local DoS on CUPS to a remote exploit via specially-crafted webpage (1)
      - JavaScript Code Flow Manipulation
      - Common localhost dns misconfiguration can lead to "same site" scripting
      - Pulling system32 out over blind SQL Injection
      - Dialog Spoofing - Firefox Basic Authentication
      - Skype cross-zone scripting vulnerability
      - Safari pwns Internet Explorer
      - IE "Print Table of Links" Cross-Zone Scripting Vulnerability
      - A different Opera
      - Abusing HTML 5 Structured Client-side Storage
      - SSID Script Injection
      - DHCP Script Injection
      - File Download Injection
      - Navigation Hijacking (Frame/Tab Injection Attacks)
      - UPnP Hacking via Flash
      - Total surveillance made easy with VoIP phone
      - Social Networks Evil Twin Attacks
      - Recursive File Include DoS
      - Multi-pass filters bypass
      - Session Extending
      - Code Execution via XSS (1)
      - Redirector’s hell
      - Persistent SQL Injection
      - JSON Hijacking with UTF-7

    Best-Practices are partly responsible for SQL Injection woes (posted by Jeremiah Grossman at 12:56 PM)

    Security Horizon invited me to contribute an article for their free Winter 2009 edition of Security Journal. I took the opportunity to discuss several very important aspects of SQL Injection, which are not well understood. For example, why certain best-practices may have contributed to the ongoing problem. How black and white box vulnerability testing is impacted. Why the good guys are at a substantial disadvantage to the bad guys. How the problem could potentially be solved and how much it might cost us. etc. Especially timely material considering the ongoing exploitation. Enjoy!

    SQL Injection, Eye of the Storm
    In 2008 SQL Injection became the leading method of malware distribution, infecting millions of Web pages and foisting browser-based exploits upon unsuspecting visitors. The ramifications to online businesses include data loss, PCI fines, downtime, recovery costs, brand damage, and revenue decline when search engines blacklist them. According to WhiteHat Security [1], 16 percent of websites are vulnerable to SQL Injection. This is likely under-reported given that the statistics are largely based on top-tier Web properties that employ a website vulnerability management solution to identify the problem. The majority of websites do not and as such may be completely unaware of the extent of the issue. In addition, some recommended security best-practices have ironically benefited malicious hackers. Websense now reports that "60 percent of the top 100 most popular Web sites have either hosted or been involved in malicious activity in the first half of 2008." Let’s examine the forces that have aligned to create the storm that allows SQL Injection to thrive.

    Thursday, January 22, 2009: Alignment of Interests in Web Security

    John Dean, former Chairman & CEO of Silicon Valley Bank and one of WhiteHat Security’s earliest investors, shared some wisdom with me years back that I rely upon every day. “Interests must be in alignment,” he said. Meaning that for an effort to be successful everyone must pull in the same direction and be incentivized accordingly. In sales for example, revenue quotas motivate personnel to achieve higher pay. Postal mail delivery deadlines reward drivers who complete their routes quickly by allowing them to go home early. Even software development groups sometimes have compensation tied to release dates or defect reduction. Failure to meet objectives may result in employee write-ups, missed promotions, or dismissal. Alignment-of-interests encourages stakeholders to work efficiently together towards a common goal.

    When approaching Web security, the landscape is littered with conflicts-of-interest. Before discussing a few of them let's briefly look at the current state through some recently published reports.

      - "82 percent of websites have had at least one security issue, with 63 percent still having issues of high, critical or urgent severity." WhiteHat Security (Sixth Quarterly Website Security Statistics Report 2008)
      - "60 percent of the top 100 most popular Web sites have either hosted or been involved in malicious activity in the first half of 2008." Websense security Labs™ (State of internet security -Q1 – Q2, 2008)
      - "From 2006 to the first half of 2008, vulnerabilities affecting Web server applications accounted for 51 percent of all vulnerability disclosures." IBM Internet Security Systems (X-Force® 2008 Mid-Year Trend Statistics)
      - "“Invisible threats” (such as hard-to-detect infections of legitimate websites) are making common sense and many traditional security solutions ineffective." Cisco (2008 Annual Security Report)
      - "As a result of these considerations, Symantec has observed that the majority of effective malicious activity has become Web-based: the Web is now the primary conduit for attack activity." Symantec Internet Security Threat Report (Trends for July–December 07)

    The poor state of Web security is well-known to industry insiders, security experts, academics, and malicious hackers. Scores of brilliant minds all over the world have spent their careers developing technology solutions, backed by hundreds of millions (billions?) of dollars in venture capital, only to witness the problem steadily worsen. It's not that we don’t know how to secure a website. We do! We know how to harden operating systems, lockdown Web servers, encrypt data transactions or disk s
  • Protection From Adware, Spam, Viruses, Online Scams | McAfee SiteAdvisor - Http://Www.Siteadvisor.Com/
  • Protection from Adware, Spam, Viruses, Online Scams | McAfee SiteAdvisor

    McAfee SiteAdvisor software helps take the guesswork out of Web security. McAfee SiteAdvisor technology is a free download that tests Web sites for spyware, spam, viruses and phishing so you can click with confidence.

    New! Enhanced safety with our Secure Search Box
    Enhance your protection with our new Secure Search Box. Take our safety advice wherever you go on the Web.

    New! Risky site blocking
    Remove or block potentially risky sites from your search box results with easy to use settings. These can be changed at any time so you have flexible control over what search engine results you see.

    New! Includes McAfee SECURE™ trustmarks for sites passing daily tests
    Your personal information is safer on sites that undergo rigorous daily testing by the McAfee SECURE™ service. That's because daily scanning for known vulnerabilities can prevent Web sites from falling prey to the vast majority of hacker crime. Only sites that pass the McAfee SECURE program of daily testing can display the trustmark.

    New! McAfee SECURE™ shopping portal with thousands of merchants



