Archive for the ‘CGI Security’ Category
Posted in CGI Security on December 28th, 2008 by CGI
“The State Bank of India, the country’s largest bank, has had to shut down its corporate website after overseas hackers tried to break in. While the bank said that transactions took place through www.onlinesbi.com, a senior SBI source said that the transactions were slow as the entire system was under watch. The…
Tags: News
Posted in CGI Security on December 28th, 2008 by CGI
“Microsoft is warning users of a zero-day vulnerability discovered in SQL Server, and that exploits of the flaw have already been published. The software giant yesterday issued a security advisory outlining a flaw that could allow remote code execution on many versions of SQL Server. The company has not had time…
Tags: News
Posted in CGI Security on December 23rd, 2008 by CGI
“The heat in Max Butler’s safe house was nearly unbearable. It was the equipment’s fault. Butler had crammed several servers and laptops into the studio apartment high above San Francisco’s Tenderloin neighborhood, and the mass of processors and displays produced a swelter that pulsed through the room. Butler brought in some…
Tags: News
Posted in CGI Security on December 19th, 2008 by CGI
Michael Howard from Microsoft has posted information on the recent IE bug and why Microsoft’s SDL failed to discover it. “Every bug is an opportunity to learn, and the security update that fixed the data binding bug that affected Internet Explorer users is no exception. The Common Vulnerabilities and Exposures (CVE) entry…
Tags: News
Posted in CGI Security on December 19th, 2008 by CGI
“German researchers have discovered more than 300 cybercrime servers full of stolen credentials on more than 170,000 people — and it is only the tip of the iceberg, they say. Researchers at the University of Mannheim’s Laboratory for Dependable Distributed Systems were able to access nearly 100 so-called “dropzone” machines, and…
Tags: News
Posted in CGI Security on December 18th, 2008 by CGI
“Once again confirming the trend of having more legitimate sites serving exploits and malware than purely malicious ones, Chinese hackers have been keeping themselves busy during the last couple of days, launching massive SQL injection attacks affecting over 100,000 web sites. The SQL injection attacks serving the just patched Internet Explorer…
Tags: News
Posted in CGI Security on December 18th, 2008 by CGI
“Using the software security framework introduced in October (A Software Security Framework: Working Towards a Realistic Maturity Model), we interviewed nine executives running top software security programs in order to gather real data from real programs. Our goal is to create a maturity model based on these data, and we’re busy…
Tags: News
Posted in CGI Security on December 18th, 2008 by CGI
“Robert C. Seacord and David Chisnall discuss the CERT C Secure Coding standard, developing C standards, and the future of the language and its offshoots. I recently had the opportunity to interview Robert Seacord, author of the recently-published The CERT C Secure Coding Standard. Robert has been deeply involved with C and…
Tags: News
Posted in CGI Security on December 17th, 2008 by CGI
OWASP released the following press release today. “The OWASP testing guide version 3 has been officially released. This project is part of the OWASP 2008 Summer of Code that started on April 2008. The guide resulted in a 349 page book and is the contribution of a team of 21 authors, 4 reviewers…
Tags: News
Posted in CGI Security on December 17th, 2008 by CGI
“Mozilla has told Firefox users that it will no longer be updating version 2 of the browser and they should upgrade to version 3 right away. The warning came alongside a security update patching ten problems, four of them critical. The critical problems involve cross-site scripting. That’s a serious concern as…
Tags: News