הזרקת XSS בסקייפ מאפשרת חטיפת חשבונות משתמשים

תוכנה פופולרית SKYPE מכילה חור באבטחת מידע אשר עלול לאפשר לתוקף להשיג גישה לחשבון או במקרה יותר גרוע להשתלט על המחשב של קורבן.

Massive SQL injection attack

Websense Security Labs provides information on mass SQL injection, which at the time of this writing, shows up…

0day vulnerability in Microsoft Windows

Microsoft Windows does not adequately validate registry data read using the function RtlQueryRegistryValues(). By modifying an EUDC registry key value, a local user could execute arbitrary code with SYSTEM privileges.

A vulnerability in the Linux kernel

Simple kernel attack using socketpair. easy, 100% reproductiblle, works under guest. no way to protect :(

Adobe Flash Player & Adobe PDF Reader Unspecified Code Execution Vulnerability

A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary code.

Serious vulnerability detected in Glibc

The dynamic linker (or dynamic loader) is responsible for the runtime linking of dynamically linked programs. ld.so operates in two security modes, a permissive mode that allows a high degree of control over the load operation, and a secure mode (libc_enable_secure) intended to prevent users from interfering with the loading of privileged executables.

POET vs ASP.NET

A few hours ago we released a Microsoft Security Advisory about a security vulnerability in ASP.NET. This vulnerability exists in all versions of ASP.NET. This vulnerability was publically disclosed late Friday at a security conference. We recommend that all customers immediately apply a workaround (described below) to prevent attackers from using this vulnerability against your ASP.NET applications.

How to secure your site

Taking preventive measures to harden your security policy is the first step in being protected, We listed the most important aspects in website security to help you make your site protected and secure.