Security expert Ebrahim Hegazy, Cyber Security Analyst Consultant at Q-CERT, has found a serious vulnerability in Twitter. The Twitter Unrestricted File Upload Vulnerability allows an attacker to upload files of any extension, including PHP. When an application does not validate, or improperly validates, file types before uploading files to the system, the flaw is called an Unrestricted File Upload vulnerability. Such flaws allow an attacker to upload and execute arbitrary code on the target system which could result in execution of arbitrary HTML and script
Monthly Archives: January 2014
Cyber security expert and penetration tester Ebrahim Hegazy has found a serious vulnerability in Yahoo’s website that allows an attacker to remotely execute any command on the server, i.e. a Remote Command Execution vulnerability. According to Ebrahim’s blog post, the vulnerability resides in a Chinese subdomain of the Yahoo website. Last week, he reported the flaw to the Yahoo Security Team and also tipped them off about more threats. The Yahoo Security Team fixed the remote command execution vulnerability within a day of his report.
New Developments On Web Security Introduced By Mozilla. Mozilla and BlackBerry’s work on security research techniques is in the area of fault injection. Fault injection (also known as “fuzzing”) is a method of automated security testing that is used to identify potential security concerns that can be fixed before users are at risk. Fault injection is a testing technique where specially designed software is created to inject a variety of unexpected or malformed data into a specific application, program or
Yahoo confirmed that it was running advertisements that were spreading malware on some of its sites. While this is apparently in the past now, the company acknowledged and confirmed reports that this took place on Friday. Malicious ads served through Yahoo’s ad network delivered malware to thousands of site visitors, according to researchers at Fox-IT, but Yahoo subsequently blocked the attack. In a statement, Yahoo’s spokesperson said: “On Friday, January 3 on our European sites, we served some advertisements that
Web security is possibly today’s noisiest and most multifaceted field, and a priority task in any organization. By way of introduction, the Web is a system of interconnected documents accessed via the Internet. On the whole, the “Web” is known as a store of human knowledge and culture, which enables users at remote sites to share their ideas and thoughts on all aspects of a common computing project. Since unknown “intruders” are concentrated on web applications,
The expansion of general information systems has brought with it a number of privacy and security concerns, not only for individual users but also for huge organizations. Several aspects may be considered here: all the private employee data and the company’s important information are recorded on computers, and there are organizations that perform all their management and business activities via the Internet. All these points confirm the necessity of an organization to be responsible and keep an eye on computing