So apparently there was an XSS vulnerability patched yesterday in Ruby on Rails that affected Twitter and Basecamp. The spin that a lot of people are trying to put on this story is that IE8 was immune to the cross-site scripting vulnerability, but I think that the focus should be put on the fact […]
Turkish Hackers Break Into US Army Servers
My partners and I have been around the block w/ some Turkish hackers in the past and even involved the FBI once during a pretty persistent onslaught and I walked away from that experience pretty impressed with their hacking talents. Defacing websites and planting rootkits on commercial servers is one thing but hacking into anything […]
CBS Website Hacked
That’s right, the television network CBS had their website hacked using the popular iframe method and was actually used for a period of time to distribute malware to its visitors. I am not for sure how many visitors CBS has on a daily basis but I am pretty sure it’s probably high volume. One of […]
Ayatollah’s Website Hacked
It looks like international website defacing is on the rise; I have heard several reports over the past few days of international websites being defaced, most of these were religiously oriented sites. On CNN tonight I found out that the Web site of Iraq’s most influential Shiite cleric was hacked Friday, with the attackers’ messages […]
U.S. Cyberattacks?
Just reading CNN.com this morning (my morning ritual) and ran across this news report that was apparently filed earlier this morning and I thought it was pretty interesting. This isn’t anything that those of us in the hosting industry haven’t been hearing off and on since 9/11 but given what happened to Georgia just prior […]
PayPal XSS Vulnerability (EV SSL)
PayPal fell victim to a cross-site scripting vulnerability this past week. Basically it would allow hackers to carry out a few tasks such as stealing credentials from users as well as displaying their own content. PayPal, in my opinion, has always done a good job in terms of staying up on security risks over the […]
XSS Exploits & the Presidential Campaign
A couple of pretty interesting Cross Site Scripting (XSS) exploits have been launched as of late on presidential candidates Hillary Clinton and Barack Obama’s websites. Both exploits are unique in that they were highly publicized and pretty well documented online. It’s probably some good information for developers and hosting companies to take a look at, […]
Obama’s Website Hacked!
A hacker has managed to get into Obama’s website and redirect it to Hillary Clinton’s website. Details are kind of sketchy at this time but here’s a link to an article on Netcraft regarding the hack: Hacker Redirects Barack Obama’s site to hillaryclinton.com – Netcraft. A user named Mox, from Liverpool, IL, posted an apparent […]
Harvard University Website Hacked
I ran into this article on the WHIR this morning and thought that it was pretty comical. Their website for their Graduate School of the Arts was compromised on Sunday, and don’t get me wrong, that part’s not funny by any means, but the comedy of this story is how they were hacked. Apparently some […]
Book Review: Maximum Apache Security
About a year or so ago we were working pretty hard with our server admin to harden our servers against potential threats such as remote shell executions, bots, and XSS vulnerabilities. It was a frustrating time for me because there were a lot of elements that I couldn’t get my mind around; fortunately our server […]