"To date, a major gap exists in vulnerability standardization: there is no standard framework for the creation of vulnerability report documentation."
"OMG, today is The Breach Day, an official security holiday. Verizon Business has just released their super-famous “2011 Data Breach Investigations Report”"
"The Internet Systems Consortium (ISC), a non-profit company which develops BIND and dhcpd/dhclient, has announced a new remote code execution vulnerability present in its dhclient software."
A massive SQL injection campaign, similar to ones seen in the past, has hit nearly 50,000 domains across the Web, including a handful of iTunes URLs. The attacking domain, lizamoon.com, is currently offline but the server hosting it remains active. Before it disappeared, the injected domain was pointing users to rogue anti-virus applications.
Today, as on every ordinary Monday, I went to my e-mail box and checked messages from the security community in Full-Disclosure. As usual, I came across an advisory pointing out some web security vulnerabilities that, unlike usual, certainly had my attention.
This post documents an XSS vulnerability that I discovered in the default Gmail app (v1.3) provided by Google in Android 2.1 and prior.
"By some accounts, Microsoft and Google are at each other's throats over the disclosure of vulnerabilities.
Summarising what seems to have happened in fewer than 100 words is a challenging exercise, but here goes:"