Jessica Biel is the most dangerous celebrity on the Internet, at least as far as searches go. According to McAfee, a whopping 20% of searches for Jessica Biel images, videos, and dowloads lead to sites that contain malicious software of one type or another. It might not be very sophisticated, but it's...
If Google detects that your website is hosting malware, it is pretty clear your site has been attacked. Attackers are consistently using automated attack tools looking for SQL Injection points, trying to include files remotely, or attempting to determine ssh passwords via guessing. A frightening trend...
Over at the SEOmozBlog , Danny Dover has a really interesting post about how, and how fast, the news of Michael Jackson's death travelled across the web. I won't go through it here, but it's a fascinating read. Less than an hour after the 911 call the news was appearing on the web. Less than...
Not too long ago, one could trust the big corporate names to run clean websites. You had to go surfing down some shady back alleys of the web to expose yourself to malware. Those were the naïve days of the pre-adolescent internet, when firewalls and spam filters were not words that your mom and...
Aspect Security has just released, through OWASP , a new tool called " Scrubbr ". Scrubbr is a Java program which connects to your database (MySQL 5+, MS SQL 2005+, and Oracle) directly and analyzes databases or specific tables looking for XSS strings. The strings are defined via an XML--it...
Paris Hilton’s website was infected with some pretty nasty malware over the past weekend. ScanSafe (who discovered the compromise) said that over 15,000 sites were detected to have this malware installed, including an ad on MLB.com. So far, most AV products aren't stopping it, either. Visitors to...
At the beginning of the week, Yahoo was attacked by a worm that propagates using nothing but JavaScript and Ajax. I've been giving interviews to the press all day and talked with the FBI about the worm, so let me take a moment to fill you all in. Cross Site Scripting (XSS) is a really big problem...