Stop using IE. Seriously, just stop. At least for now. A serious 0-day vulnerability which exploits MIME HTML has been discovered in every existing version of Windows / IE. Until this gets patched, it is essential not to use IE as a browser at all.
While this has just recently been made public, you have to wonder how long this has been exploited quietly by the “bad guys”.
I think the title says it all. This is a really nice post from Mike Cardwell’s blog about an interesting attack using status codes to disclose private info from sites such as Facebook or Gmail. [External Link]
Interesting article about maintaining the integrity of HTTPS sessions while still making use of CDN caching capabilities for performance reasons. [External Link]
Security researchers at this week’s Black Hat detailed a new type of DoS attack which targets layer 7 on the application stack (as opposed to layer 4, eating up available bandwidth with requests). [External Link]
Really interesting article on hidden evil in “Free” WordPress themes. Be careful kiddies! [External Link]
Are you ready to stop using passwords for websites? How about having all your online activity tracked under one account: your Internet ID? Big Brother is watching even closer… [External Link]
Apparently the free, handy Website Optimization code tool provided by Google and used by many thousands of web developers and admins around the world is vulnerable to an XSS attack. Oops. Not very Optimal! [Link Here]
Internet Storm Center on evil Facebook phishing bot patterns. [Link here]
OWASP’s AppSec 2010 conference had some awesome presentations, including a keynote by HD Moore on the web-focussed future of the Metasploit project.