Microsoft Outlook Web Access Vulnerability

October 15, 2008; Martin Suess

The vulnerability affects the Outlook Web Access application for Microsoft Exchange 2003. A valid user can be redirected to a malicious website by clicking on a specially crafted URL, which can be sent to the user by email. If the user is logged in, he is redirected instantly; if he is not yet logged in, the login page is displayed and he is redirected after a successful login. The vulnerability can be used to redirect the user to a phishing website that shows a (faked) login screen and captures the user's logon credentials as soon as he tries to log in on the faked site.
