SEARCH RESULTS
 
Showing 1-10 of 12 records
 
Expand article

Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...accepts user input as the 'q' parameter. Untrusted data coming from the attacker is marked in red Injection in regular HTML body - angled brackets not filtered or escaped Your query ' ' returned xxx results Injection inside tag attributes - double quote not filtered or escaped form blah Injection inside URL attributes - non-http(s)...
 
Tags: web application, application, input, input parameters, accepts user input, xss, xss vulnerabilities, security, security team check
 
 
 
 
Expand article

ARCO gas pumps targeted by fraudsters

The Article has images
2007-12-27 13:58:30 by Evan Francen in The Breach Blog
...accepts debit cards because banks impose higher fees for credit transactions ARCO considers the safety and security of every customer a top priority," said Todd Spitler, a spokesman for the company. "But there are other businesses throughout California, not only us, that only accept debit cards The company often updates its technology to...
 
Tags: arco gas pumps, pumps, gas pumps, arco, gas stations, arco gas stations, card, debit card identification, creditdebit card data
 
 
 
 
Expand article

Identity Framework Probable Feature List

The Article has images
2007-12-16 06:42:00 by Keith Brown in Security Briefs
...accepts information cards SignInStatus (probably similar features to ASP.NET's LoginStatus Fx helps you build relying parties InformationCard login control You can specify whether you want to accept personal or managed cards If you accept managed cards, a wizard will take a card file as input to automatically configure the control (great...
 
Tags: informationcard login control, login control, information card serializer, information, control, user authentication methods, user, custom sts, card
 
 
 
 
Expand article

More trustworthy election systems via SDL?

2008-02-04 23:34:00 by sdl in The Security Development Lifecycle
 
...accepts data from external sources, etc). The SDL requires development teams to both minimize attack surface in the software they are building and to consider attacks from each entry point on the attack surface to ensure that mitigations are present. It would appear that these examples show that the development teams didnt adopt such a...
 
Tags: machine security concerns, security concerns, election systems, election, security, security researchers, election systems margin, margin, election management system
 
 
 
 
Expand article

SDL and Web 2.0

2008-02-28 22:26:00 by sdl in The Security Development Lifecycle
 
...accepts this content from Eve, then anyone who looks at the wiki entry will have their browser cookie stolen and sent to Eve at evil.com. The cookie could potentially contain login credentials or other sensitive information, allowing Eve to impersonate her victim and essentially commit a form of identity theft The attack Ive shown here is...
 
Tags: web, site, chriss web site, mashups, web mashups, site cookies, persistent cross-site, cookies, benefit anyones web
 
 
 
 
Expand article

Catalina Conservancy Divers donors are warned

The Article has images
2008-03-17 13:32:50 by Evan Francen in The Breach Blog
...accepts online donations Evan] This is sad not only for the individual victims, but Catalina Conservancy also. Online donations should be a viable option, but now it viewed so If you believe you have been the victim of a crime, please notify your bank immediately to close your account(s) and prevent any further crimes from occurring In...
 
Tags: catalina conservancy, conservancy, catalina conservancy divers, hammonds, trevor hammonds, victims names, names, victims, online donations
 
 
 
 
Expand article

Why Do We Accept Signatures by Fax?

2008-05-29 01:00:00 by Bruce Schneier in Wired Security
 
...accepts them Yet people do, all the time. I've signed book contracts, credit card authorizations, nondisclosure agreements and all sorts of financial documents -- all by fax. I even have a scanned file of my signature on my computer, so I can virtually cut and paste it into documents and fax them directly from my computer without ever having...
 
Tags: fax, fax communications, fax insecurity, insecurity, fax machines, fax message, treat fax signatures, fax document, document
 
 
 
 
Expand article

Fax Signatures

2008-06-03 07:01:20 by schneier in Schneier on Security
 
...accepts them Yet people do, all the time. I've signed book contracts, credit card authorizations, nondisclosure agreements and all sorts of financial documents -- all by fax. I even have a scanned file of my signature on my computer, so I can virtually cut and paste it into documents and fax them directly from my computer without ever having...
 
Tags: fax, fax signatures, fax communications, fax insecurity, insecurity, fax machines, fax message, treat fax signatures, fax document
 
 
 
 
Expand article

Fax Signatures

2008-06-03 07:01:20 by schneier in Schneier on Security
 
...accepts them Yet people do, all the time. I've signed book contracts, credit card authorizations, nondisclosure agreements and all sorts of financial documents -- all by fax. I even have a scanned file of my signature on my computer, so I can virtually cut and paste it into documents and fax them directly from my computer without ever having...
 
Tags: fax, fax signatures, fax communications, fax insecurity, insecurity, fax machines, fax message, treat fax signatures, fax document
 
 
 
 
Expand article

T-Mobile Takes Home Line Service National

2008-06-25 10:33:49 by Glennf in Wi-Fi Networking News
 
...accepts SIM cards for authentication, but the backhaul is pure VoIP over Internet. Regular POTS (plain old telephone service) phones can be plugged into the router. The router is also compatible with HotSpot@Home (an additional $10/month), which allows unlimited domestic calling over Wi-Fi using special handsets from T-Mobile; there are now 8...
 
Tags: service, family plan service, home service, home, cell service, t-mobile, telephone service, home-line replacement service, domestic home