IT security, vulnerabilities, bugs, fixes, flaws, RSA conference and Infosec.
vnunet.com


Be the SQL master

If you've ever tried changing the URL of a web page to gain access to information, you are familiar with the concept behind SQL attacks.

Just as changing the URL instructs the web server to present the page, you can send instructions to a database by entering certain characters in fields inside a web page. Ultimately this can lead to the disclosure of confidential information.

If that still sounds too vague to you, have a look at this week's episode of our video blog, where we'll demonstrate SQL attacks.
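As an added illustration (not part of the original post or the video), this Python sketch shows why characters typed into a form field can reach the database as instructions when the query is built by string concatenation, and how a parameterized query keeps the same input as plain data. The table, column and function names are assumptions and the rows are constructed sample data.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, card_hint TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "ends 1111"), ("bob", "ends 2222"),
         ("carol", "ends 3333"), ("o'brien", "ends 4444")],
    )
    return db

def lookup_concatenated(db, name):
    """Vulnerable pattern: the field value is pasted into the SQL text,
    so a quote character in it is parsed as part of the statement."""
    sql = "SELECT name, card_hint FROM customers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, name):
    """Hardened pattern: the value is bound to a placeholder and is only
    ever compared as data, whatever characters it contains."""
    sql = "SELECT name, card_hint FROM customers WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def compare(db, value):
    """Run both lookups on one field value; return (concatenated, parameterized).
    A syntax error from the concatenated query is reported as the string 'error'."""
    try:
        weak = lookup_concatenated(db, value)
    except sqlite3.OperationalError:
        weak = "error"
    return weak, lookup_parameterized(db, value)

if __name__ == "__main__":
    db = make_db()
    # Constructed field values: a normal name, a legitimate name containing
    # a quote, and a value whose quotes rewrite the WHERE clause.
    for value in ("alice", "o'brien", "x' OR '1'='1"):
        weak, safe = compare(db, value)
        print(repr(value), "| concatenated:", weak, "| parameterized:", safe)
```

The legitimate name containing an apostrophe is the useful tell for defenders: unexplained SQL syntax errors on ordinary input usually mean the query is being built by concatenation.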

Previous episodes:
How to lose your password online
Using JavaScript to steal confidential information
Attacking online applications for profit (cross site scripting attacks)
Why botnet herders love adware

August 28, 2007 | Comments (0)

Vista antipiracy goes crazy

So it looks like some poor soul had their weekend messed up when the Windows Genuine Advantage (WGA) went a bit wobbly and started labelling some genuine versions of the OS as pirated. Apparently the bug affected some 12,000 users for about 20 hours. Nice.

August 28, 2007 | Comments (0)

How to lose your password online (video blog)

You don't have to fall victim to a phishing scam to compromise your password online. As we'll demonstrate in this week's episode of our video blog, a simple Trojan will do the trick without you ever knowing.

Next week:
SQL Injection attacks

Previous episodes:

Using JavaScript to steal confidential information
Attacking online applications for profit (cross site scripting attacks)
Why botnet herders love adware

August 20, 2007 | Comments (0)

Patch Tuesday crashes Skype

Well you occasionally hear of a security patch breaking some program, but a whole network? That's some going. Skype is pointing the finger at Microsoft, for causing millions of its users' machines to reboot after updating and killing the network. For once, not entirely sure it is Microsoft's fault.

August 20, 2007 | Comments (4)

Breaking the fraud paper chain

Tell us something we don't know. Experian is warning that a whole load of companies still rely on fraud-friendly paper documents to authenticate a person's identity. Come on, let's break the fraud paper chain and go digital, we all know it's more secure.

August 13, 2007 | Comments (11)

Using JavaScript to steal confidential information (video blog)

Would you mind if your insurance provider knew that you've been researching certain diseases online, or that you regularly order cigarettes online even though you're listed as a non-smoker on your life insurance policy?

And it can be worse. In August 2006, the New York Times succeeded in tracing a series of anonymised search queries back to 62-year-old Thelma Arnold.

Knowing a person's search history is a real privacy issue, and it doesn't take much. In this video blog episode, we look at a JavaScript application that searches for past queries. Website operators can embed the code on their site and find out all kinds of sensitive information.

Next week: Password stealing Trojan

Previous episodes:
Attacking online applications for profit
Why botnet herders love adware

August 13, 2007 | Comments (7)

This is not naked celebrity

Ah, this old chestnut. Experts are warning over emails distributed over the last few days purporting to contain pornographic images of celebrities.

Yeah, yeah, it goes without saying, they're *not* going to be images of naked celebs. Silly season is underway...

August 7, 2007 | Comments (5)

Attacking online applications for profit (video blog)

Cross site scripting attacks are some of the most prevalent vulnerabilities in enterprise systems today. Although most of these flaws are fairly trivial, nearly everybody has been hit by one - including online giants such as Google and Yahoo.

In the second episode of our video blog series, we'll demonstrate how attackers can look for cross site scripting vulnerabilities on a website and then exploit them to steal confidential information. The website is set up for the purpose of the demo - no mission critical core was harmed during the creation of this video.

Next week: Search history theft

Previous episode: Why botnet herders love adware

August 7, 2007 | Comments (4)


© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503