I phoned my bank to activate my card the other day. The automated voice required a date of birth and the number of digits in my Mother’s maiden name. Lets assume an attacker can get this information, lets be realistic, what could really happen?

Lets explore some ideas of what an attacker could do with enough […]

Having fun with FeedBurner Awareness API.

The FeedBurner Awareness API (AwAPI) allows publishers of FeedBurner feeds to reuse the detailed traffic statistics we capture for any of their feeds. Third-party applications and web services that consume feeds can leverage this data to provide useful feed awareness statistics to potential subscribers… - awarenessapi

In October 07, BlogSecurity released […]

I really love the Gravatar concept. Its simple, useful, powerful and centrally managed, but how secure is it to use on a blog or service?

Regular users may have already seen that we have implemented Gravatars onto BlogSecurity; so its safe to use then, right?

I made a point on our new BlogSec-News service a couple days […]

We got an interesting comment from Dave today that made me reflect on the question of when to update or upgrade your blog software.

Until you folks on this site tell me I’m not doing the update. WP always has some security issues when its released.

It may seem like a fairly simple question, but when should […]

Elazar recently released a buffer overflow proof of concept in Aurigma’s ImageUploader ActiveX plugin.

This ActiveX control is used by Facebook and I have seen it mentioned that MySpace is affected too. The vulnerability is only present for Internet Explorer users.

This vulnerability will allow an attacker to execute commands on your computer via your browser.

This has […]