There will be a new book about mod-security coming out : ModSecurity 2.5. ModSecurity is essential when it comes to secure any web site. It will make the work of the attacker much harder and it may save you even if your favorite dynamic pages have a security hole. However, it must be configured wisely [...]
Archive of posts tagged Injection
Windows 7 UAC security design flaw
Video of a dummy vulnerability on Windows 7 . More info there. It is incredible that Microsoft invests so much money in its security and that there are still such a bad security design for programs that in no way should be granted any administrator access (calc.exe or notepad.exe). Also, I can’t imagine that no [...]
Hacked !
This blog got hacked yesterday. It looks like some spammer managed to inject some PHP code into almost all *.php files of WordPress. It was not just like the classic SQL injection that is usually used to post some malicious post. The following code was added : <?php echo ‘<script type="text/javascript">function count(str){var res = "";for(i [...]
