cross site scripting

Datos de Yahoo! expuestos a través de inyección SQL

Hace algunos días,  Virus_Hima, un informático de origen egipcio dio a conocer algunas vulnerabilidades críticas que detectó en Yahoo!. Según se puede apreciar, tuvo acceso total a los archivos de copia de respaldo de uno de los servidores de dominio de Yahoo! y a doce bases de datos. Los agujeros de seguridad que permitieron dichos

Vulnerabilidades XSS presentes en populares sitios web

En el último tiempo se ha observado un incremento en el tipo de vulnerabilidad Cross Site Scripting. Esta clase de falla muchas veces pasa desapercibida por los diseñadores de los sitios web a la hora de codificar sus portales, y por lo tanto no estipulan este tipo de ataque y cuál es su alcance en

Facebook, offensive content, and terse responses

I have yet to see any direct advice to Facebook users on the “Facebook Known Issues” page or the “Facebook Security” page.

Top Ten of Top Tens

Well, not exactly, though actually a top ten of top tens isn't a bad idea: apparently, top tens usually attract plenty of readers.  As do top fives. twenties etc, though probably not top thirteens. Security Memes a Lot to Me Still, there is a touch of recursion to this post. I got a notification from

Gmail spam: an inside job?

Aleksandr Matrosov, Senior Virus Researcher at ESET Russia, has brought to our attention an avalanche of reports of hacked Gmail accounts. While the exact nature of the hack isn't confirmed, it appears that spammers were able to access the victim's address books in order to send junk mail from the compromised accounts to their owner's

Ten Ways to Dodge Cyber-Bullets (Part 6)

[Part 6 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Social Networks Can Be Very Anti-Social Don’t disclose sensitive information on websites like FaceBook or LinkedIn if you can’t be sure that you

Another Twitter Security Problem

As reported at http://www.eweek.com/c/a/Security/Twitter-XSS-Vulnerability-Still-Wide-Open-Developer-Says-433005/, a researcher has found a cross site scripting vulnerability that affects Twitter. The researcher claims that by exploiting this he could gain access to the Twitter accounts of anyone who views his specially crafted tweets. The explanation of the problem is a bit techie, but there is a very key point

Taking the Mikeyy

Well, Mikeyy may not be the only security problem Twitter has right now, but the Hoodied Bore does seem to be doing an excellent job of exhausting everyone’s patience, including that of The Register’s John Leyden, who described him as "increasingly annoying". It appears that Mr. Mooney did take responsibility for at least the first

Follow us

Copyright © 2017 ESET, All Rights Reserved.