May 2009 - The HP Security Laboratory Blog
Instant High Score!
One of our security researchers just happened to stumble across this interesting Highscores area of a free Flash skeet shooting game. Notice scores 6-10. Now I'm not saying he had anything to do with this. What I am saying is that if your query parameters...
Published 05-29-2009 5:49 PM by mark.painter. Filed under: Web Application Security, hackers
Talking Headers: Part 1
Some people collect coins, DVDs or comic books. Others collect cars or Star Wars toys. Among other things, I like to collect HTTP headers. They take up a lot less space than cars, and can have a much higher return value than Mark McGwire's rookie...
Published 05-29-2009 2:58 PM by Chris Sullo. Filed under: Research, HTTP, Headers
Social Insecurity
Not too long ago, one could trust the big corporate names to run clean websites. You had to go surfing down some shady back alleys of the web to expose yourself to malware. Those were the naïve days of the pre-adolescent internet, when firewalls...
Published 05-28-2009 8:57 PM by todd.densmore. Filed under: Malware
Top Five Web Application Vulnerabilities 5/12/09 - 5/25/09
1) Novell GroupWise WebAccess Multiple Security Vulnerabilities Novell GroupWise WebAccess is susceptible to multiple vulnerabilities including Cross-Site Scripting and issues of security restriction bypass. Attackers who successfully exploit these vulnerabilities...
Published 05-27-2009 3:16 PM by mark.painter. Filed under: XSS, PHP Code Injection
The Internet is an unsafe place
Two recent studies have cast some light on the current state of web application security. How bad is it out there? Bad. 82% of web sites had either a Critical, High, or Urgent vulnerability within the past calendar year, with Cross-Site Scripting being...
Published 05-22-2009 3:36 PM by mark.painter. Filed under: hackers, Application Management Lifecycle
Microsoft's ClickOnce Firefox add-on
With Firefox, I just went to download a certain new version 2.0 web browser and was surprised that after hitting the license accept button Firefox started up an installer, downloaded the application and installed it without any prompts or questions...
Published 05-22-2009 2:35 PM by Chris Sullo. Filed under: Microsoft
Universities are natural targets for cyber criminals
A major state university is currently notifying as many as 160,000 students that their personal information (including social security numbers) might have been accessed in 2008. Complicating matters, the breach wasn't discovered until a year later...
Published 05-15-2009 5:51 PM by mark.painter. Filed under: hackers
Top Five Web Application Vulnerabilities 4/28/09 - 5/10/09
1) Multiple Symantec Products Log Viewer Script Injection Vulnerabilities Multiple Symantec Products are susceptible to browser-exploitable script injection vulnerabilities due to improper sanitization of user-supplied input used in dynamically created...
Published 05-11-2009 8:24 PM by mark.painter. Filed under: XSS, SQL Injection
Extortion can mean double jeopardy for personal health information providers
I've been thinking a bit more about the personal health information extortion attempt that's been in the news recently, and which Ken Swinney mentioned in his Keep the snakes at bay post yesterday. If you haven't been following the story,...
Published 05-07-2009 10:15 PM by mark.painter. Filed under: HIPAA, hackers, Personal Health Information
Keep the snakes at bay
Recently, a state agency announced that their site had been compromised by computer hackers. The attackers left a ransom note on the web site claiming that they had captured 8.3 million patient records and 35.6 million prescriptions. The attackers also...
Published 05-06-2009 9:37 PM by kenswinney. Filed under: hacked, HIPAA, hackers
Even in recession, web application security spending to increase
A recent OWASP survey found that over a quarter of IT organizations plan to spend more money specifically for web application security. Another 36% expect web application security spending to remain at current levels. Considering the state of the economy...
Published 05-06-2009 3:47 PM by mark.painter. Filed under: OWASP, Web Application Security