Hackers get smarter with Javascript {5}

by Ermie C
This article is about security researchers from ESET are detecting new ways on how new Malware is being inserted into websites. This was discovered in a Russian web space and was really found unexpectedly through the use of mouse cursor movement. However, they reveal that this isn’t a regular attack anymore to just make a program that redirects and installs a program automatically unto a user’s computer, this is actually a rogue js code that installs itself in the head tag in an html page. This makes it so that it’s harder to find. Now that because more and more developers are using JS for their websites, it’s becoming a more common thing to learn and manipulate. A hacker’s use of the mouse movement program to is evade the purpose of web crawlers that companies use for security to detect malware. The researchers in ESET seem impressed because programmers are getting more “proactive” in changing up their game plan to infect user computers. read more...

SQL Injection Attacks {4}

by Abel R
SQL injection is a technique to attack a database through a website. SQL injection attacks are when an attacker attempts to or succeeds in inserting their own code into a pre-existing query (e.g. a product search). The aim is to get the application to perform an action that is unexpected and usually of benefit to the attacker(Morgan 2006). read more...

Windows Web Server Flaw {2}

by Yeimy F

In 2010, Microsoft rushed out a fix for ASP.NET bug on Windows server. It was a flaw that started to be deployed by online attackers who caused some limited attacks but made several attempts to bypass Windows Server Operating system. “ ASP.NET is used to build Web applications, and the bug gives attackers a way to gain access to protected files or read encrypted data sent by an ASP.NET application server.” Online attackers were able to steal username and passwords from websites. However, this bug was not considered harmful to customers unless they happen to run a Web server on their computer. read more...

CSS Cross-Origin Attacks {Comments Off on CSS Cross-Origin Attacks}

by Andrew N

CSS Cross-Origin Attacks


Cross-origin attacks are when an attacker inserts their scripting into an existing block of code and is able to extract private information through luring the end user to basically give them the information. They can do this through various ways such as luring you to one of their websites or send e-mails that can activate the extraction. All browsers a susceptible to such attacks. The attackers are actually very limited to what they can do. They are mainly trying to get you to make the wrong decision by luring you to click on an extraction link which is actually a site on their web server where they can request for the code block that has been compromised by their string injection. Cookies are a present threat because they store valuable information and without them attackers are helpless. Attackers are also limited by the structure and behavior of the site as well, such as, insufficient injection points, quotes, line breaks, character escapes. These have to be replicated exactly by the attacker or it will not work. Example of an attack would be Yahoo! Mail where the attacker can send mail to lure you into clicking on their site and as it loads, it also pulls from their injection strings your information. read more...