Today, Microsoft released a set of eight security Bulletins (MS13-059 through MS13-066) for a broad variety of vulnerable technologies and exploit categories. The critical vulnerabilities are not known to be exploited publicly at the time of Bulletin release. The more interesting Bulletins… Read Full Article
A short while ago, I decided to prepare a presentation on web vulnerabilities and specifically on XSS attacks. This involved studying the way today’s filtration systems work Read Full Article
Another live XSS vulnerability in Orkut affected more than 180,000 users in Brazil. Read Full Article
There is a new, actively exploited XSS on Twitter. Read Full Article
How does a computer get infected if you’re just surfing the Internet? And how do cybercriminals make money from tricking users? This article aims to answer these questions. Read Full Article
A new Twitter XSS exploit was identified in the wild as it started to be used by cybercriminals overnight. Read Full Article
On Saturday an alert went out about a new Twitter worm. Could this have been another XSS-Worm? Upon clicking the link users would see the following… Read Full Article
Today we’ve seen a new variant of Net-Worm.JS.Twettir going around on Twitter. Kaspersky products detect it as Net-Worm.JS.Twettir.h. This worm appeared just after an announcement that a firm has hired the author of the original worm. Not wanting to stray too much from the intended topic of this… Read Full Article
Over the weekend we’ve seen a number of Cross Site Scripting worms for twitter. We detect these XSS worms as Net-Worm.JS.Twettir variants Read Full Article
Quite a long time ago I contacted Microsoft regarding what I thought was a XSS vulnerability in IE. Microsoft disagreed, preferring to call it a ‘feature’. Read Full Article