Fortify Software documents Web 2.0 vulnerability

Fortify Software has announced the release of a new security advisory on JavaScript Hijacking. "Fortify Software, the leading provider of security products that help companies identify, manage and remediate software vulnerabilities, today announced that its Security Research Group has documented the first major vulnerability associated specifically with Web 2.0 and AJAX-style software. Termed JavaScript Hijacking, the vulnerability allows an attacker to steal critical data by emulating unsuspecting users. To combat this issue, Fortify has released an in-depth security advisory that details this vulnerability, how enterprises can determine if they are vulnerable and how they can fix the issue."

Fortify Software documents Web 2.0 vulnerability

Posted Apr 5, 2007 3:54 UTC (Thu) by sitaram (subscriber, #5959) [Link]

I have started urging everyone I know to get into the habit of separating the surfing of untrusted sites from that of trusted sites or sites that have your personal info, inconvenient as it may seem.

There are many ways to actually do this, and that's a personal choice. Konqueror for trusted sites, firefox+noscript for others is one way. Clearing all privacy data (for extra paranoia, restarting firefox) before logging onto a trusted site is another. Using different profiles in firefox (haven't tried this) is a third.

web security: reducing spyware powers

Posted Apr 5, 2007 12:17 UTC (Thu) by pjm (subscriber, #2080) [Link]

I have separate user accounts for financial things, which I access from a separate X session. This gives fairly complete separation.

(As a convenience, these users might have a ~/.xsession file ending in ‘exec some-webbrowser’ or similar.)

Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds