Exploiting IE8 UTF-7 XSS Vulnerability Using Local Redirection

As our other posts have shown, keeping your software up-to-date is vital, especially with respect to security.  Software updates often include a security component that patches a known vulnerability.  By way of example, consider a cross-site scripting (XSS) vulnerability in earlier versions of several popular web browsers. This XSS vulnerability allowed attackers to hijack …

Unauthorized TinyURL URL Enumeration Vulnerability

TinyURL is a popular and convenient social media tool, which takes long URLs and shortens them.  This is especially useful with services such as Twitter, which only allows posts of up to 140 characters. Although useful, it is important to exercise caution when using TinyURL.  A flaw that lets an unauthorized party enumerate shortened URLs, and so discover the long URLs behind them, can compromise your security and privacy. …

The Top 49 Security Blogs – Not Named Securethoughts – To Read in 2015

As we move into 2015, cybersecurity will continue to be a pervasive and important topic.  Threats from malicious attacks, along with website and application vulnerabilities, continue to put our privacy and personal information at risk.  To make sure each of you stays up-to-date on everything related to security, Secure Thoughts presents our Top 100 Security …

New Hack Could Be Affecting Your Web Server

If you own or manage a web server, you need to know about a recent threat identified by the Dutch security firm Fox-IT.  It involves malicious software embedded in add-ons for popular content management systems such as WordPress, Joomla, and Drupal. The malicious code is referred to as a backdoor, which is a method of obtaining access …

Pwning Opera Unite with Inferno’s Eleven

One of the Opera Internet browser’s older functions, which has since been phased out, was Opera Unite.  Opera Unite allowed the browser to act as both a client and a server, so that a single browser could both receive web content and serve it to others. Although this feature was popular because it was easy …

Hacking CSRF Tokens using CSS History Hack

Cross-site scripting, or XSS, is a well-known cybersecurity risk that allows an attacker to run script of their choosing in another user’s browser, in the context of a vulnerable web site. Another security risk is Cross-Site Request Forgery (CSRF, or “sea surf”).  This risk allows an attacker to cause actions to be carried out within a user’s authenticated session without that user’s intent, hence the “forgery” portion of the name. These two risks …

Hijacking Safari 4 Top Sites with Phish Bombs

It is extremely important to keep your software updated, particularly your web browser.  By way of example, consider older versions of the Safari browser. One of the features of Safari is the “Top Sites” function, which stores a user’s favorite and most-visited web sites.  Prior to version 4.0.3, though, the “Top Sites” function was …

Judge tosses all but one Hannaford data breach claim

A federal judge on Tuesday dismissed nearly all of the civil claims filed against Hannaford Bros. for the supermarket giant’s alleged failure to protect and notify consumers during an electronic data breach in late 2007 and early 2008. Judge D. Brock Hornby ruled that the only consumers who will be allowed to proceed with the …