Monthly Archives: October 2012

Security Researcher Experiments With Patching Java


October 23, 2012 By
The Vigilant Application Owner

The H – (International) Security researcher experiments with patching Java. With Oracle planning to wait until February 2013, a security researcher decided to take matters into his own hands by developing a patch for a critical security vulnerability he discovered in Java. He posted a report on his efforts to security mailing list Full Disclosure. […]


Java Still Has A Critical Role to Play Despite Security Risks


October 22, 2012 By
The Vigilant Application Owner

Ars Technica – (International) Java still has a crucial role to play despite security risks. Java has its security flaws, but it is not going away any time soon — many important applications run on the technology, especially in business settings. Still, many users are worried enough about vulnerabilities that they restrict Java’s ability to […]


XSS Attacks Remain Top Threat To Web Applications


By
The Vigilant Application Owner

Computer Weekly – (International) XSS attacks remain top threat to Web applications. Cross-site scripting (XSS) attacks remain the top threat to Web applications, databases, and Web sites, an analysis of 15 million cyberattacks in the third quarter of 2012 revealed. Other top attack techniques are directory traversals, SQL injections (SQLi), and cross-site request forgery (CSRF), […]


Second DDoS Attack Hits GitHub, Some Repositories Temporarily Unavailable


October 20, 2012 By
The Vigilant Application Owner

Softpedia – (International) Second DDoS attack hits GitHub, some repositories temporarily unavailable. A second distributed denial-of-service (DDoS) attack has hit the popular code repository GitHub. This one came only hours after a similar cyberattack forced the site’s services to go offline. “Pages is currently being hit with a DoS attack. We’re working to mitigate the […]


Use Maven to Find Security Vulnerabilities and Viral Licenses in Applications


October 10, 2012 By
Bentmann Benjamin

A few months ago, we launched Insight Application Health Check. Today, I’d like to announce another way to get started tracking licensing and security issues. In this post, I’m going to show you how to scan your project with nothing more than Maven and an existing project. You can get started with Insight without having […]


Insight For CI at the Jenkins User Conference


October 9, 2012 By
Manfred Moser

Before JavaOne 2012 a few of us joined the Jenkins community at the Jenkins User Conference 2012 in San Francisco as Gold Sponsors. We had a great time talking to KK, Andrew and others as well as showcasing Insight For CI for Jenkins at the booth. The presentation about “Improving Software Quality Using Component Lifecycle […]


CloudStack Alert Users To Critical Vulnerability


By
The Vigilant Application Owner

The H – (International) CloudStack alert users to critical vulnerability. Citrix and the Apache Software Foundation alerted users to a critical vulnerability in the CloudStack open source cloud infrastructure management software. All versions downloaded from the cloudstack.org site will be vulnerable. CloudStack is also an incubating Apache project but there have been no official releases […]


Cybercrime Gang Recruiting Botmasters For Large-scale MiTM Attacks On American Banks


October 4, 2012 By
The Vigilant Application Owner

ThreatPost – (International) Cybercrime gang recruiting botmasters for large-scale MiTM attacks on American banks. A slew of major American banks may soon have to brace themselves for a large-scale coordinated attack bent on pulling off fraudulent wire transfers, ThreatPost reported October 4. RSA’s FraudAction research team has been monitoring underground chatter and has put together […]


Persistent Flaws In PayPal Allow Cybercriminals To Hijack User Sessions And More


October 2, 2012 By
The Vigilant Application Owner

Softpedia – (International) Persistent flaws in PayPal allow cybercriminals to hijack user sessions and more. Multiple Web vulnerabilities have been identified by Vulnerability Lab researchers on the official PayPal Web site, Softpedia reported October 2. The high-severity security holes could have been exploited by a remote attacker against Pro, seller, or regular customer accounts. A […]
