HNS MAIN FEED
Monday, 14:48 EST
- First Windows 7 zero-day bug confirmed by Microsoft
- Malicious "Balance Checker Tool"
- (IN)SECURE Magazine issue 23 released
- Most security products fail to perform
- Safe online shopping tips
- Week in review: cyber war, SQL injection, spam evolution, Apple and Microsoft patches
- Serious Adobe Flash vulnerability
- WordPress 2.8.6 security release
- Biggest website security weaknesses
- Spam evolution: September 2009
- Apple Safari 4.0.4 patches critical vulnerabilities
- Real-world data on software security initiatives
Month of Twitter Bugs: bit.ly multple vulnerabilities
Posted on 02 July 2009.
First report in the Month of Twitter Bugs focuses on multiple vulnerabilities in bit.ly URL shortening service. Discovered security issues include:
Security issues have been patched, but according to researcher Aviv Raff who is behind the Month of Twitter Bugs, it took bit.ly a month and a half to fix these simple XSS vulnerabilities. Technical details on the vulnerabilities here.
- Reflected Cross-Site Scripting in the “url” query parameter.
- Reflected Cross-Site Scripting in the keywords parameter.
- Reflected POST Cross-Site Scripting in the username field of the login page
- Persistent Cross-Site Scripting in the content-type field of the URL info page
Security issues have been patched, but according to researcher Aviv Raff who is behind the Month of Twitter Bugs, it took bit.ly a month and a half to fix these simple XSS vulnerabilities. Technical details on the vulnerabilities here.
- First Windows 7 zero-day bug confirmed by Microsoft
- (IN)SECURE Magazine issue 23 released
- Most security products fail to perform
- Safe online shopping tips
- Week in review: cyber war, SQL injection, spam evolution, Apple and Microsoft patches
