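Web Security Handbook

Sharing is itself a joy; I feel happy when others are helped because of me

[Pinned] What a tragedy

[Pinned] Technical challenge game

[Pinned] Disclaimer & article submissions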

More on ColdFusion hacks

Thanks to our reader Adam we received some additional information regarding recent ColdFusion hacks.

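WAVDB is now online

WAVDB is the Web Application Vulnerability DataBase, built and maintained by Code Defense Lab, and the only database in China dedicated to web application vulnerabilities. WAVDB covers most web application vulnerabilities and flaws from China and abroad; from 1993 to the present, WAVDB has collected and organized more than 1,300 vulnerability entries for 652 software vendors.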

Paper: "Tracking GhostNet: Investigating a Cyber Espionage Network"

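GhostNet came to light because the Dalai Lama's office suspected its computers had been compromised and asked computer security experts to examine them. The Munk Center for International Studies at the University of Toronto found that not only had malware been secretly planted on computers of the Dalai Lama's government-in-exile in India and its offices in Brussels, London and New York, but the related 10-month investigation also uncovered broader electronic espionage activity. The researchers have notified international judicial authorities of their findings.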

Dumping Memory to Extract Password Hashes

ManTech Memory DD (MDD) (http://www.mantech.com/msma/MDD.asp) is released under GPL by Mantech International. MDD is capable of copying the complete contents of memory on the following Microsoft Operating Systems: Windows 2000, Windows XP, Windows 2003 Server, Windows 2008 Server.

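Yahoo search engine abused to serve web malware

People who regularly use the Yahoo search engine should take particular care. Search results can include links carrying XSS attacks; if the site a link points to has an XSS vulnerability, the result is a web page malware-injection attack: the visitor's browser is attacked, and the system risks having malware planted on it. This may be a new twist on web page malware injection, or an after-effect of Mass SQL Injection attacks. The malicious link is the same as the one in the earlier article <Hacker group launches rare large-scale SQL Injection attack during the New Year holiday>.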

Budgeting for Web Application Security

“Budgeting” is a word I’ve been hearing a lot of questions about recently, which is another data point demonstrating that Web application security and software security are increasingly becoming a top of mind issue. The challenge that many security professionals face is justifying the line item expense for upper management. Upper management often asks, “How much do we need to spend?” well before “What do we need to spend it on?” I was talking with Boaz Gelbord (Executive Director of Information Security of Wireless Generation) and several others about this, and they provided keen insight on the subject. I have identified the following approaches to justifying security spending:

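What a surprise

Tr4c3's note: What do you all think after reading the following news?
Background:
CEH - Certified Ethical Hacker
EC-Council Certified Ethical Hacker (CEH): an authoritative hacker certification issued by EC-Council of the United States, suited to network security practitioners.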

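Google officially publishes an SEO starter guide

"Legend has it that if you just pluck a hair from a lion's mane, you can do SEO for your website. Stop believing claims that have no factual basis." If anyone ever tells you to go pluck a mane again, remember to tell them: "Step aside, leave it to the professionals."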

Windows Magics

One of my friends has emailed me these magics, but I found it funny to post.
I know it is an old one, so don't be smart and tell me that it is old, noob.

OWASP APPSEC 2008 Conference Videos Online

OWASP APPSEC 2008 Conference videos online

Copyright 2008-2009 Pcsec.org. Some Rights Reserved.苏ICP备08110306号