Category: Security

eBay and PayPal DNS hijacked by Syrian Electronic Army

Earlier today, the nameservers on the ebay.co.uk and paypal.co.uk domain were changed to ns1.dnforu.com and ns2.dnforu.com in an apparent hijack. It seems that the Syrian Electronic Army are now claiming responsibility for this on Twitter. They have posted screenshots of the eBay/PayPal MarkMonitor account where they were able to manage the domains in question as well as seemingly had access...

Tags used by OWASP CRS ModSecurity rules

I couldn’t find a definitive list of the tags used by the OWASP CRS ModSecurity rules, so after a bit of faffing around, here’s what I’ve come up with for the “base” rules in OWASP CRS version 2.2.9 (current at the time of writing). I’ve tried to group them together as best I can: Web Attack: OWASP_CRS/WEB_ATTACK/XSS OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL OWASP_CRS/WEB_ATTACK/RFI OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION...