Millions of Passwords leaked from Social Site Formspring

Formspring, a social Q&A website popular with teenagers,this week disabled its users' passwords after discovering a security breach. Formspring founder and CEO Ade Olonoh apologized to users for the inconvenience, and advised them to change their passwords when they log back into Formspring. A bl...

Hackers from China Target, Hit U.S. Chamber of Commerce

A band of hackers from China was able to gain access to the U.S. Chamber of Commerce and retrieve information on the organization’s employees for over a year before they were discovered in May 2010, according to a report in the Wall Street Journal today. The hackers infiltrated Chamber of Commerc...

Make XWork ParametersInterceptor safe from parameter injection attacks

The XWork ParametersInterceptor is a security nightmare as it gives user input submitted form parameters unfettered access to getter/setter methods on action objects. In addition, the interceptor has been shown in the past to be vulnerable to Unicode attacks. Rather than fight a constant and ofte...