web security

  1. MS11-038 - Critical: Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)

    Bulletin Severity Rating: Critical - This security update resolves a privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user visits a Web site containing a specially crafted Windows Metafile...
  2. More Sony hack attacks; LulzSec goes after FBI affiliated site

    While Sony may have gotten its Playstation Network back online this week, other divisions of the Japanese business are still feeling hack attacks. The web site Naked Security reports that a hacker found his way into a data base at Sony Europe and took out "120 usernames, passwords (plain text)...
  3. Session Hijacking

    In computer science, session hijacking is the exploitation of a valid computer session (commonly known as a "session key") used to gain unauthorized access to information or services in a computer system. For example, when a user logs in to a web site, the user's PC is tagged with a session...
  4. Microsoft latest security risk: "Cookiejacking"

    BOSTON (Reuters) – A computer security researcher has found a flaw in Microsoft Corp's widely used Internet Explorer browser that he said could let hackers steal credentials to access FaceBook, Twitter and other websites. He calls the technique "cookiejacking." "Any website. Any cookie...
  5. Windows 7 Web Security: Cashier-as-a-Service(Caas) and How to Shop for Free Online

    Web applications increasingly integrate third-party services. The integration introduces new security challenges due to the complexity for an application to coordinate its internal states with those of the component services and the web client across the Internet. In this paper, we study the...
  6. MS11-031 - Critical: Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code

    Bulletin Severity Rating: Critical - This security update resolves a privately reported vulnerability in the JScript and VBScript scripting engines. The vulnerability could allow remote code execution if a user visited a specially crafted Web site. An attacker would have no way to force users to...
  7. Windows 7 Thousands of Web Sites Hit With New Twist on Old SQL

    Thousands of Web Sites Hit With New Twist on Old SQL Injection Hack | Arik Hesseldahl | NewEnterprise | AllThingsD. A relatively simple hack has been used to compromise at least 500,000 Web sites, and perhaps as many as 1.5...
  8. Internet Explorer 9 Doubles Web Privacy Control

    Microsoft has announced that Internet Explorer 9 (IE9) supports two separate technologies for restricting access to information related to a user's online activity. One of the privacy features was recently prompted by the Federal Trade Commission (FTC). Both technologies involve the way...
  9. Windows Vista EC Tests Show Windows Vista Is Above Average — At Blocking Content

    littlekorea writes "Microsoft's much-maligned Vista operating system has been named in the top three of 26 tools tested by the European Commission to filter out web content deemed inappropriate for children. The EC tests found that none of the 26 products enjoyed a 100 percent success rate...
  10. MS10-089 - Important: Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevatio

    Severity Rating: Important - Revision Note: V1.0 (November 9, 2010): Bulletin published. Summary: This security update resolves four privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user...
  11. MS10-072 - Important: Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)

    Bulletin Severity Rating: Important - This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft SharePoint and Windows SharePoint Services. The vulnerabilities could allow information disclosure if an attacker submits specially...
  12. Apple's Safari updates fix auto-complete vulnerability

    The latest updates to Apple's Safari WebKit-based browser, versions 5.0.1 and 4.1.1, include several new features, such as enabling Safari Extensions and introducing the Safari Extensions Gallery. They also address a number of security vulnerabilities. In total, the Safari updates close 15...
  13. Windows 7 Thousands of Chinese Gov and Edu Websites Infected

    Security researchers from Vietnamese security vendor Bach Khoa Internetwork Security (Bkis) have identified a new mass injection attack that so far infected almost 180,000 websites with rogue <script> tags. The majority of affected sites are Chinese and many of them...