Archive for June, 2008
Microsoft Security Advisory (954462): Rise in SQL Injection Attacks Exploiting Unverified User Data Input - 6/25/2008
Revision Note: June 25, 2008: Removed erroneous references to form field and cookie value testing from the HP Scrawlr tool description. Advisory Summary: Microsoft is aware of a recent escalation in a class of attacks targeting Web sites that use Microsoft ASP and ASP.NET technologies but do not follow best practices for secure Web application development. [...]
Mine is bigger than yours!
In recent months, there have been some discussions about malware figures. My colleague Stuart wrote a post about this on the SophosLabs blog, as did our colleagues at McAfee. Today I’ve seen a press release from F-Secure, in which they announce the publication of their 2008 first half data security summary (I have [...]
Microsoft Security Advisory (953818): Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform - 6/20/2008
Revision Note: June 20, 2008: Advisory updated to provide link to related Apple security advisory. Advisory Summary: Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed. Safari is not installed with Windows [...]
