Monday, May 28, 2007

Time for serving today's pwnsauce (morning_wood* tm), hehe !

Just to prove my re-phrasing right in the previous post, www.appinonline.com comes with a few or more XSS, SQL injection, and buffer overflow bugs ... lol !

They've got almost 45 patterns of XSS, 5 patterns of SQL injection, including numeric and string input/multiple input types ... They provide security for top companies, and here's a photograph of their great president, Mr. Rajat Khare ...



PS: They provide WEB-SECURITY, AND APPLICATION SECURITY ... WOW !
Wonder how good they are ?? Here's the proof

PPS: It also proves my argument, that all graduates aren't intelligent, not even the ones from IIT.

In the end, we see that, even today ... the cobbler still goes barefoot ;)

This also goes to say, the security product / vendor / service providers themselves need some security to start with ... and who knows, time will tell if this company can survive the harsh lashes from the cruel media...

Reported the stuff to him :)

/Quit

Friday, May 25, 2007

Quote from "For a Few Dollars More", 1960 something ...

In this world where life has no value, death sometimes has its price...

I tried to rephrase this for Infosec, hehe ! :P

In this world where a computer's data has no value, a break-in sometimes has its price.

That's why the hackers sprung up ...

The loss of customer/client/consumer, and bad public-relations ... lol, a news brief will "almost mean the end" of a company in mainstream IT.

/Quit, enough of blaming

Sunday, May 20, 2007

We present to you ... www.usablesecurity.com !



Security blog's XSS ;)

Ironically their page has their last post on "phishing" and "Open ID"...

/Quit

Presenting the XSS Trio ;)

Sites: www.googlefont.com, www.netscape.com, and www.mtv.com
Multiple XSS bugs
Risk: High



Google font - XSS



Netscape XSS



Mtv.com - nice music channel !

XSS is no longer an ordinary threat that can just bring pop-ups: advanced and planned attacks, XSS worms like the MySpace one, and nice shellcodes (like the ones shown by Bill Hoffman of SPI @ ShmooCon) are examples of ... sophistication in this area. And we can't forget XSS Proxy ... uauauauauauaua !

/Ph33r to click ...

Tuesday, May 08, 2007

Hew Griffith, the ex-DoD council member, has been extradited to the USA for sentencing.
Personally I feel he must have had his chances to serve time in Australia.

Read the full story here...

/Quit

Thursday, May 03, 2007

Quoted from ArsTechnica, a kid got kicked outta school for creating a Counter-Strike map of the school... sounds funny, but logical as well, seems as though schools are on high alert, after the massacre at Virginia Tech...

/Quit