I’m falling way behind in links that people have been sending me, so rather than post about each one, I’m doing something unprecedented on this site and throwing them all into one post. Yes, there’s lots to talk about, but I’ve been swamped over the last few weeks and will continue to be swamped for another two weeks (on a long-term client engagement). So here goes:
Today christ1an launched a new aggregation website for web application security called Planet-websecurity.org. If you want to get all your web app sec news in one place, this might be a useful service for you to check out. Right now there are only 7 sites or so being culled together (this site is included), but I’m sure more will come in time.
There are many XSS vulns in Wordpress themes. This is an oldy but a goodie. I don’t use any downloaded themes, because they never go through any sort of third party review (or first party for that matter). And if you don’t want to take my word for it, check out this site. Nasty.
It’s the National Internet Safety Month in June. Do you think we’ll see any drop in identity theft? If the US government is doing campaigns on how to protect yourself, and most of us haven’t even heard about it, I think the money is probably not particularly well spent - especially considering how education doesn’t equate to a drop in fraud ratios. Why can’t I choose not to spend my tax money on things I know will fail? Wouldn’t that be nice? More info on Mustlive’s site.
Ken Clarke sent me an email a while back about how the FBI is having a bot roast. Let’s break the backbone of robots! While a cool project, I’m not sure they are going to get too far without help from the community. I’d love to see a clearing house for this stuff, a la APWG and Cloudmark. Anyone have some disc space and want to write a plugin into mod_security? I think you’d have a big reaction from the community.
Sorry for being so behind on some of this - some of this stuff is a month or more old, but it’s still interesting, and I just never found the time to write about any of it.