Archive for the Web Security Category

Looking forward to the DEF CON 25 Hacking Conference

Two large annual security conferences are taking place in Las Vegas this week and I will be attending the second one.

Best Practices You Can Adopt to Help Protect Against Router Vulnerabilities

About two months ago, I posted a video blog showing how easy it is to obtain unauthenticated root access on a very popular Netgear router. This Netgear vulnerability received overwhelming news coverage and the urgent call went out across the Internet to patch all of their routers […]

An Invaluable Resource Against Data Breaches in the Hacking Age

You’re probably just as concerned about the rise of online fraud, data breaches, hacks and stolen accounts as the rest of the world is lately. There is a site to help you verify if you have been compromised: HaveIBeenPwned.com […]

ROOTCON 2012 Information Security Conference Recap: Part Two

This is the second and final recap of the ROOTCON 2012 annual hacker conference and information security gathering, which zveloLABS had the opportunity to attend. Following are additional highlights that deserve to be shared instead of being tucked away in my personal notebook.

Anatomy of an Attack – a SOPHOS Web Security Seminar Recap

In mid-September of 2011, I had the privilege of attending a SOPHOS seminar titled, “Anatomy of an Attack – How Hackers Threaten your Security,” hosted by Chester Wisniewski, a highly regarded Senior Security Advisor and frequent contributor to the award-winning Naked Security blog. Here is a recap of the seminar.

Hack in the Box Security Conference (HITBSecConf) – Malaysia 2011: Report #2 – Discussions About Web 2.0 Application Attacks and Web Threats

Day two of the 2011 Hack in the Box Security Conference closed as quickly as it started. zveloLABS™ has absorbed invaluable information about web threats that parallel the ongoing innovations of today’s Internet. The previous day’s discussions of traditional attacks against Web 1.0 applications provided a foundation for today’s discussions on the gravity and severity of similar threats executed in the context of the Web 2.0 paradigm. In simple terms, most of the established web threats continue to persist in technologies such as AJAX, HTML5 and Silverlight, though often in a more subtle form. The difference is that they are now deployed in a much more sophisticated manner, while remaining equally threatening.

Hack in the Box Security Conference (HITBSecConf) – Malaysia 2011: Report #1

2011 Hack in the Box Security Conference - Malaysia, Live Coverage by zveloLABS™

zveloLABS™ is reporting live from the 2011 Hack in the Box Security Conference, now in its 9th year and arguably Asia’s largest and most popular network security conference, and here is our day one report. HITBSecConf has managed to attract a wide range of participants from many IT industry sectors, including a healthy share of government representatives, hailing from the Asia-Pacific region. Day one has consisted entirely of in-depth technical training. zvelo is participating in Web Hacking 2.0: Attacks, Penetration and Exploits, a two-day technical training track, which aims to shed light on emerging threats that leverage Web 2.0 vulnerabilities that have been manifesting in the wild for some time now.

Hotmail outage search returns dangerous URLs

An outage of the Windows Live ID service affected a large number of MSN users today, including users of the popular Hotmail email service. Hotmail is one of the largest web-based email services and, not surprisingly, news of the outage spread quickly as users were unable to access their email.

Injected IFrame Attacks

The security community at large and the eSoft Threat Prevention Team have recently noticed an uptick in sites compromised by a new injection attack that results in an injected iframe. This attack can be recognized by its attempt to disguise the malicious script as GNU GPL- or LGPL-licensed code. GPL and LGPL are public licenses for open source software, and referencing them adds a veneer of legitimacy to the malicious files.

New Rash of Fraud Sites Touting Cheap Software

zvelo is researching a widespread and dangerous ring of fraudulent “OEM Software” distribution sites. These sites offer popular software from Microsoft, Adobe, and many other vendors at a greatly reduced price. Not only do they fail to deliver installable software, they also collect sensitive information from individuals, including credit card numbers.

Mass Compromise of Sites with Webalizer

zveloLABS™ has been tracking a rapidly growing pattern in website exploits over the last 24 hours. Since Thursday, Aug 20, zvelo has seen over 6,000 compromised URLs with a similar pattern.

Have you heard the one about the independent testing lab?

They always independently verify that their client is the best. Well, independent tests these days are a joke.
