[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] New application security incidents

From: Ofer Shezaf <ofer@xxxxxxxxxx>
Subject: [WEB SECURITY] New application security incidents
Date: Wed, 21 Dec 2005 13:18:09 +0200

Yahoo to plug security hole in dating site

...The main problem is that Yahoo Personals ads contain clues about key
personal information--namely birth date and ZIP code--that members also use
to reset their passwords...

http://news.com.com/Yahoo+to+plug+security+hole+in+dating+site/2100-1002_3-6
002882.html


Phishers Exploit Open Redirect on U.S. Government Site

... An open redirect on the govbenefits.gov web site allows phishers to
craft a URL that uses the govbenefits.gov URL but instead sends users to a
web server in Italy and a phishing site seeking to steal their bank login
details and Social Security number...

http://news.netcraft.com/archives/2005/12/01/phishers_exploit_open_redirect_
on_us_government_site.html
http://www.eweek.com/article2/0,1895,1894746,00.asp


~ Ofer

Ofer Shezaf, CTO 
Phone (US): +1 (760) 268.1924 ext. 702
Phone (Israel): +972 (9) 956.0036 ext.212
Cell: +972 (54) 443.1119
ofer.shezaf@xxxxxxxxxx
www.breach.com 
 




---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/

Prev by Date: Re: [WEB SECURITY] Tomcat Banner
Next by Date: [WEB SECURITY] XSS vulnerabilities in Google.com
Previous by thread: [WEB SECURITY] Web Applications on Line
Next by thread: [WEB SECURITY] XSS vulnerabilities in Google.com
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site