Posted 04/14/09 at 06:47:08 PM by Mark Edward Soper

Over Easter weekend, many Twitter fans were getting worms instead of finding Easter Eggs, as the developer of a rival microblogging site (StalkDaily), one 17-year-old Michael "Mikeyy" Mooney, was busy drawing Twitter users to his site through infected links and Twitter profiles. According to PCWorld and the Twitter status page, the infection has now been brought under control. But inquiring minds want to know, "what happened?" and "how can we stop a future attack?"
Doing a Google search for "Mikeyy" or "TwitterWorm" isn't the best way to find out, though, as the F-Secure security blog points out that fake news sites are being used to infect curious searchers with (unrelated) malware. To get the real scoop, join us after the jump.
Posted 12/26/08 at 06:25:24 PM by Mark Edward Soper

Before you drop in on the American Express website to see how much damage you did to your credit line with holiday shopping, you should know it's vulnerable to an XSS (cross-site scripting) exploit. As The Register reports, this news comes after a bungled attempt to fix the problem. As El Reg puts it,
"The cross-site scripting (XSS) error that makes it trivial for attackers to steal americanexpress.com users' authentication cookies is alive and kicking. The confusion stems from a mistake made by many application developers who incorrectly assume that the root cause of a vulnerability is closed as soon as a particular exploit no longer works."
So far, only proof-of-concept exploits have been written to show how easy it would be to pilfer login credentials, but until AmEx really eradicates this problem, keep a careful eye on your website transactions. For a list of precautions you can take to stop XSS exploits, see our 2007 article.
Have you been victimized by an XSS error? Join us after the jump and sound off.
Posted 07/01/08 at 03:08:34 PM by Mark Edward Soper

According to Kaspersky Lab analyst Roel Schouwenberg, GIF files can include embedded JavaScript, and under certain circumstances, can be used to launch a cross-site scripting (XSS) attack. Internet Explorer's vulnerable to this threat, and at least one web site's already been affected.
To find out how long Redmond's known about this problem, and how another browser vendor set Microsoft an example in how to deal with a reported vulnerability, join us after the jump.
Posted 04/14/08 at 10:33:29 PM by Mark 'Marcus_Soperus' Soper
While Windows Vista often takes a beating 'round these parts for problems with speed and compatibility with older software, its improved security features are helping make video playback and web browsing more secure. Find out how.
Posted 03/26/08 at 10:36:00 PM by Mark Soper
Find out who's king of the browser rendering sweepstakes, and which browser-come-lately has an "impossible" end-user license agreement - not to mention a couple of serious security flaws.
Posted 01/30/08 at 04:23:52 PM by MarkSoper
Find out why your favorite Firefox add-ons can leave your system crying "Don't Chrome Me, Bro!" - and how to protect yourself.
Posted 01/22/08 at 09:25:52 PM by Mark Soper
You know that Microsoft never sends out email messages with links to Microsoft Update or Windows Update. Do your friends, family and co-workers know that? If they don't - be prepared to mop up the mess.
Posted 09/24/07 at 11:32:52 PM by Mark Soper
Googling your way around the Internet? Watch out - cross-site scripting (XSS) makes Google and other sites less safe than you think.