+ CGISecurity - Website and Application Security News +

All things related to website, database, SDL, and application security since 2000. ...

Last Update: Thu Jun 18 22:50:19 2009

+ Stephen Watt/JimJones/Unix Terrorist to be Sentenced Monday + Photo (c) of sensepost "Watt, a 7-foot-tall software engineer who was working for Morgan Stanley at the time the hacks occurred, [...] dubbed “blabla” that Gonzalez and others allegedly used to steal millions of credit and debit card numbers from TJX and other...

+ Session Attacks and ASP.NET - Part 1 + Sans has published part 1 of an article discussing Session Fixation attacks against .NET applications. "I’ve spent some time [...] and am still not completely satisfied with how Microsoft has decided to implement session management in ASP.NET 2.0+ (haven’t...

+ Hacker cracks TinyURL rival, redirects millions of Twitter users + "A URL-shortening service that condenses long Web addresses for use on micro-blogging sites like Twitter was hacked over the weekend, [...] said today. After Cligs, a rival to the better known TinyURL and bit.ly shortening services, was attacked Sunday, more than...

+ Article: 'Setting the appropriate security defect handling expectations in development and QA + I have just published the following article on handling application security defects (vulnerabilities) in development and QA. "If [...] a security defect to development in an effort to remediate the issue. Depending on your organization and its culture this can be a...

+ Phrack 66 is out! + IntroductionTCLH Phrack Prophile on The PaX TeamTCLH Phrack World NewsTCLH Abusing the Objective C runtimenemo Backdooring Juniper [...] TCP Persist Timer Infinitenessithilgore Malloc Des-Maleficarumblackngel A Real SMM RootkitCore Collapse Alphanumeric RISC...

+ SHA-1 collisions achievable + "The researchers, from Macquarie University in Sydney, Australia, found a way to break the SHA-1 algorithm in significantly fewer [...] to withstand attempts numbering 263, the researchers have been able to whittle that down to 252, a number that puts practical...

+ Microsoft Security Bulletin Summary for June 2009 + Patch Tuesday is here again. Here's the rundown of what was fixed. MS09-018 Vulnerabilities in Active Directory Could Allow Remote [...] of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003, and Active Directory Application Mode (ADAM)...

+ New paper by Amit Klein (Trusteer) - Temporary user tracking in major browsers and Cross-domain information leakage and attacks + Amit Klein posted the following to the web security mailing list yesterday. "User tracking across domains, processes (in some cases) [...] Mozilla Firefox, Apple Safari, and to a limited extent Google Chrome). Additionally, new cross-domain information leakage, and...

+ 100,000 sites deleted in hack, software company boss commits suicide + "The boss of Indian software firm LxLabs was found dead in a suspected suicide on Monday. Reports of the death of K T Ligesh, 32, come ...

+ T-Mobile confirms hackers' info is legit + "The information posted over the weekend by hackers who claimed to have hacked T-Mobile is legit, T-Mobile now says. But, it's not [...] T-Mobile systems they claim. On Saturday, hackers posted what appear to be logfiles taken from T-Mobile's networks to the Full...