Web App Security

  • Most Topular Stories

  • Expanded Malware Protection in Firefox

    Mozilla Security Blog
    Francois Marier
    11 Aug 2015 | 7:00 am
    As part of our commitment to help Firefox users stay safe online, we have recently expanded the malware detection features in Firefox. Thanks to new developments in Google’s Safe Browsing service we are now able to identify malware downloads in all of our supported platforms as well as warn users about potentially unwanted software. The first of these changes, introduced in Firefox 39, consists of extending the monitoring of malicious file downloads to the Mac and Linux versions of Firefox. When downloading a file of a type that usually contains Windows or Mac executable code (for…
  • Signed Dridex Campaign

    Zscaler Research
    Tarun Dewan
    24 Aug 2015 | 9:21 am
    Introduction Malware authors use various means to make their malware look similar to legitimate software. One such approach involves signing a malware sample with a digital certificate. Recently we saw Dridex malware authors using this technique while reviewing the samples in our Cloud Sandbox. Dridex is a banking Trojan which typically arrives on a system via malicious spam email with a
  • WebExtensions FAQ

    hackademix.net
    Giorgio
    25 Aug 2015 | 4:36 pm
    WebExtensions are making some people happy, some people angry, many people ask questions. Some of the answers can be found here, more to come as add-on developers keep discussing this hot topic. My favourite one: No, your add-ons' ability and your own creativity won't be limited by the new API.
  • Scroll snapping explained

    Mozilla Hacks - the Web developer blog
    Sebastian Zartner
    2 Sep 2015 | 8:10 am
    Have you ever tried to snap your page’s contents after scrolling? There are many JavaScript libraries out there providing this functionality. Here are a few examples: https://github.com/peachananr/purejs-onepage-scroll http://wtm.github.io/jquery.snapscroll/ http://guidobouman.github.io/jquery-panelsnap/ http://alvarotrigo.com/fullPage/ As this is a common use case related to page layout and behavior, the W3C has published a pure CSS approach to scroll snapping. CSS scroll snapping, (available since July’s Firefox 39 release), allows you to control where to stop on an overflowing…
  • nsrl.py: Using the Reference Data Set of the National Software Reference Library

    Didier Stevens
    Didier Stevens
    31 Aug 2015 | 5:00 pm
    When I scan executables on a Windows machine looking for malware or suspicious files, I often use the Reference Data Set of the National Software Reference Library to filter out known benign files. nsrl.py is the program I wrote to do this. nsrl.py can read the Reference Data Set directly from the ZIP file provided by the NSRL, no need to unzip it. Usage: nsrl.py [options] filemd5 [NSRL-file] NSRL tool Options: --version show program's version number and exit -h, --help show this help message and exit -s SEPARATOR,…

    Mozilla Security Blog

  • Firefox exploit found in the wild

    Daniel Veditz
    6 Aug 2015 | 10:36 pm
    Yesterday morning, August 5, a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. This morning Mozilla released security updates that fix the vulnerability. All Firefox users are urged to update to Firefox 39.0.3. The fix has also been shipped in Firefox ESR 38.1.1. The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer. Mozilla products that…
  • Mozilla Winter of Security is back!

    Julien Vehent
    15 Jul 2015 | 12:18 pm
    Last year, we introduced the Mozilla Winter of Security (MWoS) to invite students to work on security projects with members of Mozilla’s security teams. Ten projects were proposed, and dozens of teams applied. A winter later, MWoS 2014 gave birth to exciting new technologies such as the SeaSponge Threat Modeling platform, the Masche memory scanning Go library, a Linux Audit plugin written in Go for integration in Heka, and a TLS Observatory. The first edition of MWoS was a success, and a lot of fun for students and mentors, so we decided to run it again this year. For the 2015 edition, we…
  • Dharma

    Christoph Diehl
    29 Jun 2015 | 10:54 am
    As soon as a developer at Mozilla starts integrating a new WebAPI feature, the Mozilla Security team begins working to help secure that API. Subtle programming mistakes in new code can introduce annoying crashes and even serious security vulnerabilities that can be triggered by malformed input which can lead to headaches for the user and security exposure. WebAPIs start life as a specification in the form of an Interface Description Language, or IDL. Since this is essentially a grammar, a grammar-based fuzzer becomes a valuable tool in finding security issues in new WebAPIs because it ensures…
  • Changes to the Firefox Bug Bounty Program

    rforbes
    9 Jun 2015 | 11:53 am
    The Bug Bounty Program is an important part of security here at Mozilla.  This program has paid out close to 1.6 million dollars to date and we are very happy with the success of it.  We have a great community of researchers who have really contributed to the security of Firefox and our other products. Those of us on the Bug Bounty Committee did an evaluation of the Firefox bug bounty program as it stands and decided it was time for a change. First, we looked at how much we award for a vulnerability.  The amount awarded was increased to $3000 five years ago and it is definitely time for…
 

    Zscaler Research

  • Neutrino Campaign Leveraging WordPress, Flash for CryptoWall

    John Mancuso
    20 Aug 2015 | 3:57 pm
    Overview Neutrino Exploit Kit (EK) appeared on the scene around March of 2013 and continues to remain active and incorporate new exploits. In the beginning of July, Neutrino reportedly incorporated the HackingTeam 0day (CVE-2015-5119), and in the past few days we've seen a massive uptick in the use of the kit. The cause for this uptick appears due to widespread WordPress site compromises.
  • Chinese cyber espionage APT group ‘Emissary Panda’ activity update

    Deepen Desai
    20 Aug 2015 | 10:04 am
    Introduction Last week we shared research on the Chinese cyber espionage APT group ‘Emissary Panda’ and how the group is for the first time leveraging Hacking Team’s leaked exploits to target a multinational financial services firm. Upon further analysis we have identified multiple other industry verticals that were also targeted by this group in the last month. The ‘Emissary Panda’ APT group
  • Chinese cyber espionage APT group leveraging recently leaked Hacking Team exploits to target a Financial Services Firm

    Deepen Desai
    14 Aug 2015 | 9:50 am
    Introduction As predicted following the leak of Hacking Team exploit codes covered here, the Zscaler security research team has recently started seeing a Chinese cyber espionage group weaponizing malware payloads using the 0-day exploits found in the leaked Hacking Team archives. As such, this new attack represents a dangerous new hybrid combining the work of a notorious cyber criminal gang
  • Anatomy of a Scamware Network - MultiPlug

    Ed Miles
    29 Jul 2015 | 2:45 pm
    While examining our cloud sandbox data recently, we uncovered a large MultiPlug network that caught our attention due to its use pattern of code signing certificates and the breadth of its hosting infrastructure. Overview of the Scamware Hosting Network (Node Legend -- Red: Host, Pink: Domain, Green: File-MD5) As we discussed in June, MultiPlug is a common scamware family that tricks

    hackademix.net

  • WebExtensions API & NoScript

    Giorgio
    22 Aug 2015 | 12:48 am
    Updated on 28th August 2015 Many of you have read a certain announcement about the future of Firefox's add-ons and are worried about some extensions, including NoScript, being deeply rooted into those Mozilla's core technologies, such as XPCOM and XUL, which are going to be deprecated. Developers and users are also concerned about add-ons being prevented from exploring radically new concepts which would require those "super powers" apparently taken away by the WebExtensions API. I'd like to reassure them: Mozilla is investing a lot of resources to ensure that complex and innovative extensions…
  • NoScript Does Accept Bitcoin Donations

    Giorgio
    6 Feb 2015 | 7:02 am
    It just occurred to me that Google did not know about tweets at the time I wrote this one: So you want to donate in #bitcoin to help NoScript's development? Now you can, bitcoin:1Kupnx5isBdAJ5ki2BEVF6sBuYmkYigWPU Since I routinely receive inquiries from potential bitcoin donors, I hope this post to be easier to find.
  • Both Your Cheeks

    Giorgio
    16 Jan 2015 | 9:53 am
    Dear pope Francis, Thank you for this chance to punch your face (both cheeks, the way you christians enjoy best) because your organization routinely defames and insults His Majesty Satan. Sincerely, Your friendly neighbourhood satanist P.S.: a very good article about this from The Guardian. P.P.S.: Yes, I think free thinking, free speech and censorship are very relevant to the Open Web.
  • s/http(:\/\/(?:noscript|flashgot|hackademix)\.net)/https\1/

    Giorgio
    19 Nov 2014 | 3:16 pm
    I'm glad to announce noscript.net, flashgot.net and hackademix.net have been finally switched to full, permanent TLS with HSTS Please do expect a smörgåsbord of bugs and bunny funny stuff :)
 

    Mozilla Hacks - the Web developer blog

  • Flash-Free Clipboard for the Web

    Michael Layzell
    1 Sep 2015 | 7:54 am
    As part of our effort to grow the Web platform and make it accessible to new devices, we are trying to reduce the Web’s dependence on Flash. As part of that effort, we are standardizing and exposing useful features which are currently only available to Flash to the entirety of the Web platform. One of the reasons why many sites still use Flash is because of its copy and cut clipboard APIs. Flash exposes an API for programmatically copying text to the user’s clipboard on a button press. This has been used to implement handy features, such as GitHub’s “clone URL”…
  • Developer Edition 42: Wifi Debugging, Win10, Multiprocess Firefox, ReactJS tools, and more

    Brian Grinstead
    24 Aug 2015 | 12:18 pm
    Firefox 42 has arrived! In this release, we put a lot of effort into the quality and polish of the Developer Edition browser. Although many of the bugs resolved this release don’t feature in the Release Notes, these small fixes make the tools faster and more stable. But there’s still a lot to report, including a major change to how Firefox works. Debugging over wifi Now, with remote website debugging, you can debug Firefox for Android devices over wifi – no USB cable or ADB needed. Multiprocess is enabled by default Multiprocess Firefox (aka E10s) has been enabled by default…
  • ES6 In Depth: The Future

    Jason Orendorff
    21 Aug 2015 | 7:48 pm
    ES6 In Depth is a series on new features being added to the JavaScript programming language in the 6th Edition of the ECMAScript standard, ES6 for short. Last week’s article on ES6 modules wrapped up a 4-month survey of the major new features in ES6. This post covers over a dozen more new features that we never got around to talking about at length. Consider it a fun tour of all the closets and oddly-shaped upstairs rooms in this mansion of a language. Maybe a vast underground cavern or two. If you haven’t read the other parts of the series, take a look; this installment may not be the…
  • Flying a drone in your browser with WebBluetooth

    Jan Jongboom
    19 Aug 2015 | 8:21 am
    There are tons of devices around us, and the number is only growing. And more and more of these devices come with connectivity. From suitcases to plants to eggs. This brings new challenges: how can we discover devices around us, and how can we interact with them? Currently device interactions are handled by separate apps running on mobile phones. But this does not solve the discoverability issue. I need to know which devices are around me before I know which app to install. When I’m standing in front of a meeting room I don’t care about which app to install, or even what the name or ID of…

    Didier Stevens

  • Test File: PDF With Embedded DOC Dropping EICAR

    Didier Stevens
    28 Aug 2015 | 2:30 am
    Over at the SANS ISC diary I wrote a diary entry on the analysis of a PDF file that contains a malicious DOC file. For testing purposes, I created a PDF file that contains a DOC file that drops the EICAR test file. The PDF file contains JavaScript that extracts and opens the DOC file (with user approval). The DOC file contains a VBA script that executes upon opening of the file, and writes the EICAR test file to a temporary file in the %TEMP% folder. You can download the PDF file here. It is in a password protected ZIP file. The password is eicardropper, with eicar written in uppercase:…
  • Update: base64dump.py Version 0.0.2

    Didier Stevens
    21 Aug 2015 | 2:35 am
    A small update to my base64dump.py program: with option -n, you can specify the minimum length of the decoded base64 stream. I use this when I have too many short strings detected as base64. base64dump_V0_0_2.zip (https) MD5: EE032FAB256D44B2907EAA716AD812C5 SHA256: 1E5801DD71C0FFA9CA90D2803B46275662E222D874E409FF31F83B21E6DEC080
  • Update: pdf-parser Version 0.6.4

    Didier Stevens
    12 Aug 2015 | 5:00 pm
    In this new version of pdf-parser, option -H will now also calculate the MD5 hashes of the unfiltered and filtered stream of selected objects, and also dump the first 16 bytes. I needed this to analyze a malicious PDF that embeds a .docm file. As you can see in this screenshot, the embedded file is a ZIP file (PK). .docm files are actually ZIP files. pdf-parser_V0_6_4.zip (https) MD5: 47A4C70AA281E1E80A816371249DCBD6 SHA256: EC8E64E3A74FCCDB7828B8ECC07A2C33B701052D52C43C549115DDCD6F0F02FE
  • Jump List Forensics

    Didier Stevens
    2 Aug 2015 | 5:00 pm
    Jump List files are actually OLE files. These files (introduced with Windows 7) give access to recently accessed applications and files. They have forensic value. You can find them in C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations and C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations. The AutomaticDestinations files are the OLE files, so you can analyze them with oledump. There are a couple of tools that can extract information from these files. Here you can see oledump analyzing an automatic Jump List file: The stream DestList…
 

    CERIAS Combined Feed

  • Kelley Misata Interviewed by Gr3yNoise Podcast

    CERIAS Webmaster
    20 Aug 2015 | 1:01 pm
    More information »
  • CERIAS Student Wins Academic Excellence Award

    CERIAS Webmaster
    7 Aug 2015 | 11:04 am
    Rachel Sitarz, a CERIAS Ph.D. candidate in cyber forensics, was awarded the Women in Security Academic Excellence Award by Duo Security. The Women in Security Awards recognize exceptional contributions to the fields of information security and privacy in commercial and academic domains. Sitarz was awarded a $2,500 stipend and a full briefing pass to BlackHat USA 2015. Press release at Duo Security More about Rachel Rachel Sitarz is a PhD student in Cyber Forensics at Purdue University. She studies under the guidance of Dr. Marcus Rogers. She obtained her Master's degree in Cyber Forensics in…
  • Why I Don’t Attend Cons

    Gene Spafford
    3 Aug 2015 | 12:39 pm
    I recently had a couple of students (and former students, and colleagues) ask me if I was attending any of a set of upcoming cons (non-academic/organizational conferences) in the general area of cyber security. That includes everything from the more highly polished Black Hat and DefCon events, to Bsides events, DerbyCon, Circle City Con, et al. (I don’t include the annual RSA Conference in that list, however.) 25 years ago there were some as the field was starting up that I attended. One could argue that some of the early RAID and SANS conferences fit this category, as did some of the…
  • Teaching Millennials About Privacy and Risk Communications

    CERIAS Webmaster
    3 Aug 2015 | 10:19 am
    SecurityIntelligence.com: In the third and final part of our interview series with Kelley Misata, we discuss millennials and their views on cybersecurity and risk communications, among other topics. Misata, a Ph.D. candidate at Purdue University, previously chatted with Security Intelligence about issues relating to privacy and risk communications as well as information security in the first and second installments. More information »
  • Dissecting Obama’s CyberSecurity Executive Order

    CERIAS Webmaster
    16 Jul 2015 | 1:20 pm
    CipherCloud’s Dr. Chenxi Wang interviewed Dr. Eugene Spafford, the executive director of CERIAS center, Purdue University. Below is a summary of the interview conversation. More information »

    Security Bloggers Network

  • Camp IT Chicago

    Sarah Vonnegut
    3 Sep 2015 | 12:15 am
    Join Checkmarx at the Camp IT Chicago event, October 1st, 2015 at Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois In […] The post Camp IT Chicago appeared first on Checkmarx.
  • VMworld 2015 Briefings: VMware’s Hyper-Converged Infrastructure Leads the Market

    Windows IT Pro
    2 Sep 2015 | 9:10 pm
    Learn about VMware's hyper-converged infrastructure Last year at VMworld hyper-converged infrastructure (HCI) was the newest industry buzzword that everyone was trying to learn about. Things have changed quickly...
  • toolsmith #108: Visualizing Network Data with Network Data

    Russ McRee
    2 Sep 2015 | 8:41 pm
    Prerequisites: R development environment (R, RStudio). This month finds us in a new phase for toolsmith as it will not be associated with ISSA or the ISSA Journal any further. Suffice it to say that the ISSA board and management organization decided they no longer wanted to pay the small monthly stipend I’d been receiving since the inception of the toolsmith column. As I am by no means a profiteer, I am also not a charity, so we simply parted ways. All the better I say, as I have been less than satisfied with ISSA as an organization: Ira Winkler and Mary Ann Davidson should serve to define…
  • Software Defined Data Center Made Simple (feat. Pindell) – VMworld2015

    psilva
    2 Sep 2015 | 8:25 pm
    The fun and always interesting Paul Pindell, Sr. Solution Architect, breaks down the #SDDC in clear and simple terms. He discusses the various elements such as software defined compute, software defined storage and software defined network along with management and how they combine to create a software defined data center. Each element can be abstracted […]
  • Government-Level Hacking: Cybersecurity in the Public Sector

    Security_Guest
    2 Sep 2015 | 8:11 pm
    When high-tech hackers infiltrated the personnel records of over 22 million current, former and prospective U.S. government employees this past April, the major breach was akin to a “massive cyber Pearl Harbor,” says Rob Roy, HP’s Federal Chief Technology Officer.

    blog.hotspotshield.com

  • Don’t’s & Do’s When Using Public Wi-Fi

    Robert Siciliano
    1 Sep 2015 | 8:08 am
    Curl up in a chair at your favorite coffee house, the aroma of premium coffee filling the air, take a few sips of your 400-calorie latte, and then enter cyberspace. Little do you know that you could have a stalker. Or two. Or 3,000. Because public Wi-Fi is there for the picking for hackers. Online transmissions can be intercepted. The credit card number that you enter onto that retailer’s site can be “seen”, as well as many other infos you don’t want to disclose. Don’t Do These at a Public Wi-Fi Site Never leave your spot without your device on you—not even for a moment. You…
  • Hotspot Shield Adds Chrome Extension for an Uncensored and Safer Private Browsing on Desktop

    Levent Sapci
    26 Aug 2015 | 11:00 am
    We’ve done it again! With just a few weeks since releasing Hotspot Shield for Windows Phones, we now expand our protection solution beyond specific operating systems. In our continuing efforts to make sure you’re always protected online, the Hotspot Shield team has added browser-based protection for your online defense. Along with Windows, Mac, Android and iOS devices, Hotspot Shield protection is now available as an extension on your Chrome browser! Features for Hotspot Shield Chrome Extension Completely FREE, No Ads, No logs Unlimited bandwidth Simple UI and easy to use (Big On/Off…
  • How to Save Money on Your Favorite Steam Games Online

    Levent Sapci
    24 Aug 2015 | 8:28 am
    Most online gaming fans are familiar with Steam, the platform that hosts countless games for players around the world. What many gaming enthusiasts don’t know, however, is that they could save big without decreasing their game consumption. Here’s how to save on your favorite Steam games online. What Steam Has to Offer Whether you’re a diehard gamer or a complete newbie, Steam has a little something for everyone. With over 3,500 games to choose from, options range from role playing games to shooters to arcade games. Players hail from countries around the world, and many join together in…
  • Signs You have Malware and what You can do

    Levent Sapci
    23 Aug 2015 | 7:22 am
    Not all computer viruses immediately crash your device in a dramatic display. A virus can run in the background, quietly creeping around on its tip-toes, stealing things and messing things up along the way. If your computer has a virus, here’s what may happen: Windows suddenly shuts down. Programs automatically start up. Some programs won’t start at your command. The hard disk can be heard constantly working. Things are running awfully slow. Spontaneous occurrence of messages. The activity light on the external modem, instead of flickering, is always lit. Your mouse moves all on its own.
  • You’re 3 Steps Away from Unblocking Netflix US in Japan [or Anywhere Else]

    Levent Sapci
    20 Aug 2015 | 7:42 am
    Netflix Is Coming to Japan Netflix has had a busy year of expansion: Australia, New Zealand…. and soon our friends in Tokyo, Kyoto, Osaka will be able to enjoy House of Cards, Orange Is the New Black, and so much more, because Netflix is coming to Japan. But did you actually know there’s no need to wait until then? You can unblock US/UK/French/Canadian Netflix or any other Netflix region no matter where you are. All you need is a tool that easily enables you to change your browsing location and thus fools Netflix into thinking you’re in the region you want to access its…