This topic has come up before, but it is worth noting that any data provided by the user can be used against a web application, not just the obvious POST and GET parameters. For example, a couple of readers pointed us to a recent blog post about exploits carried in HTTP headers and how many web application vulnerability scanners miss them. Another reader (thanks Ovi!) sent us an interesting example that hides the exploit in the browser's User-Agent field.
Daily Archive: April 5, 2012
“According to attorney/filmmaker Marc Simon, it wasn't particularly greed that motivated Marc Dreier to steal $400 million by selling fake real-estate-backed notes to investors that included top hedge funds.
“David Lerner Associates is a little-known brokerage operating out of a suburb in Long Island. The eponymous founder, David Lerner, was a school teacher who started selling securities after school.
“From Tom Kalil, Deputy Director for Policy at the Office of Science and Technology Policy: [On March 29th], the Obama Administration announced the Big Data Research and Development Initiative. By improving our ability to extract knowledge and insights from large and complex collections of digital data, the initiative promises to help accelerate the pace of discovery in science and engineering, strengthen our national security, and transform teaching and learning
“When it comes to the government's ability to search your electronic devices at the border, we've always maintained that the border is not an “anything goes” zone, and that the Fourth Amendment doesn't allow the government to search whatever it wants for any (or no) reason at all. Recently, the Ninth Circuit Court of Appeals agreed to rehear a case that gave the government carte blanche to search through electronic devices at the border. In September 2011, EFF and the National Association of Criminal Defense Lawyers filed an amicus brief (PDF) before the Ninth Circuit, asking it to rehear its decision in United States v
“In case you've not paid attention to the news recently, there has been a barrage of stories (over 1500 turned up in a quick online search) about organizations asking job applicants and employees for their Facebook, Twitter, LinkedIn and other social networking passwords. It's a hot topic, folks! I've listed a bunch of them at the end of this post….”
“Securing computers against unlawful and malicious attacks is always important, but it's especially vital when the computers in question control major physical systems: manufacturing plants, transportation systems, power grids. Cybersecurity for cyber-physical systems is the topic of a workshop on April 23 and 24 at the National Institute of Standards and Technology (NIST) campus in Gaithersburg, Md.
“With all of the attention in the press these days on the large banks, hacking, and a variety of social pressures against the financial institutions, it's a good time to remember that credit unions and small banks abound around the world, too. They may offer an alternative to the traditional big banking you might be seeking, but they sometimes offer an alternative to the complex, well-staffed information security teams that big banks have to bear against attackers and cyber-criminals, too
“Internet-based social networking sites have created a revolution in social connectivity. However, con artists, criminals, and other dishonest actors are exploiting this capability for nefarious purposes
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, Server Software, Developer Tools, and Forefront Unified Access Gateway as part of the Microsoft Security Bulletin Summary for April 2012.