Hacking CSRF Tokens using CSS History Hack

Cross-site scripting, or XSS, is a well-known cybersecurity risk that allows malicious users to take control of and exploit a user’s system. Another security risk is Cross-Site Request Forgery (CSRF, or “sea surf”). This risk allows someone to execute functions within a user’s authenticated session, thus the “forgery” portion of the name. These two risks …

Hijacking Safari 4 Top Sites with Phish Bombs

It is extremely important to keep your software updated, particularly your web browser. By way of example, consider older versions of the Safari browser. One of the features of Safari is the “Top Sites” function, which stores a user’s favorite and most visited web sites. Prior to version 4.0.3, though, the “Top Sites” function was …

Judge tosses all but one Hannaford data breach claim

A federal judge on Tuesday dismissed nearly all of the civil claims filed against Hannaford Bros. for the supermarket giant’s alleged failure to protect and notify consumers during an electronic data breach in late 2007 and early 2008. Judge D. Brock Hornby ruled that the only consumers who will be allowed to proceed with the …

Apple Alert! The Walled Garden is Breached

Well, it finally happened. Long touted as an alternative both more secure and more entertaining than Android, Apple’s infamously locked-down marketplace has finally suffered a major breach. How did this happen, who is affected, and how much should we be panicking?
Xcode — Ghosted
The breach centers around Apple’s integrated development environment (IDE), known as …

So You Think You’re Secure…?

The UK government GetSafeOnline website offers free advice and tells its users, “so now you really can stay safe with everything you do online.” Buy a Windows-based computer and the likelihood is it will arrive with pre-installed anti-virus software, often McAfee (part of Intel, which produces the processor chips most usually found on Windows computers). …