This topic has come up before, but it is probably worthwhile noting that of course, any data provided by the user can be used against a web application, not just proper POST and GET data. For example, we had a couple readers point us to a recent blog post in http headers  and how many web application vulnerability scanners miss them. Another reader (Thanks Ovi!) sent us an interesting example hiding the exploit in the browser’s user agent field.Read More...
- New Feature: "Live" SSH Brute Force Logs and New Kippo Client, (Wed, Jul 23rd) July 23, 2014
- ISC StormCast for Wednesday, July 23rd 2014 http://isc.sans.edu/podcastdetail.html?id=4073, (Wed, Jul 23rd) July 23, 2014
- Firefox 31.0 released, includes security fixes, see https://www.mozilla.org/security/known-vulnerabilities/firefox.html, (Tue, Jul 22nd) July 22, 2014
- Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird July 22, 2014
- WordPress brute force attack via wp.getUsersBlogs, (Tue, Jul 22nd) July 22, 2014
Tagsapi apple archives article browser bruce schneier business china copyright development director downloads education enterprise events facebook feeds gfi government hackers hacking industry internet linkedin linux management mcafee microsoft network networks news opinion phishing podcasts science security social-media symantec team cyrmu technology united-kingdom united-states videos vulnerability windows