Article Search Engine
Articles tagged with SECURITYFail Whale. Phishing link love1:26pm Friday 06 April 2012
Tags: twitter spam security phishing recruitment adecco myrecruitonline Hey recruitment industry.... Time to change your passwords. Here are 2 of the 100 or so message I have had over the past week.
read more..."Attaging" with QR Codes - The security threat for mobile recruitment9:21pm Tuesday 04 October 2011
Tags: qr codes mobile recruitment qr code reader android security virus mobile marketing attaging attack tagging I love all the hype around mobile recruitment. Apparently, QR codes are all the rage at the moment. Hands up those who have a QR code reader on their phone. Most likely the answer is QR what?
read more...Typo squatting and the doppelganger domain threat 2:20pm Tuesday 04 October 2011
Tags: security man in the middle recruitment security doppelganger domains domain names subdomains What could you do with 20GB of your competitors sensitive email correspondence without anyone even noticing? A report released by security researchers analysing the effect of doppelganger domain traffic belonging to Fortune 500 companies was able to collect 20GB of misaddressed email over a 6 month period.
read more...XSS is a serious problem7:00am Tuesday 19 July 2011
Tags: recruitment software job boards job board software xss owasp security hacking javascript I've written about XSS (cross-site scripting) numerous times on this blog. If you run a job board, or manage your recruitment website take note... XSS is a very serious problem!
read more...2011 - Year of the free resume10:00am Sunday 16 January 2011
Tags: security free resumes recruitment system online recruitment seo It's only 2 weeks into the New Year, and it comes as no surprise to anyone who works in the online recruitment industry that the lack of security around resumes allows anyone with basic boolean knowledge to find resumes. Wouldn't it be great if one of your competitors has all their candidate resumes online?
read more...OWASP Top 10 and your Recruitment Website - Part 24:37pm Thursday 09 December 2010
Tags: recruitment security recruitment websites owasp job boards dmitry kulshitsky security hacking insecure direct object references xss sql injections cross-site request forgery csrf In part 1 of this series we started a conversation about the OWASP Top 10 most prevalent security vulnerabilities and how relevant these issues were to a typical recruitment web site. In the 2nd part we will review the next 2 items from this list.
read more...OWASP Top 10 and your Recruitment Website - Part 18:30am Monday 09 August 2010
Tags: dmitry kulshitsky security recruitment website job board owasp sql injection xss cross-site scripting broken authentication session management login form design hacking website security user authentication OWASP has recently updated their list of the top 10 most prevalent security vulnerabilities. Since this list covers all major aspects of computer security it is interesting to check what are the issues that are relevant to a typical recruitment website or job board and (exercising the 80/20 rule) what are the key questions we should ask ourselves (or our IT/security staff) to be sure that we don't miss anything critical.
read more...You Are Here!1:58pm Monday 28 June 2010
Tags: geolocation html5 api location services candidate stalking google maps geolocation api foursquare security online recruitment Soon, all browsers will support the HTML5 Geolocation API by default. Geolocation is the core function behind sites like Foursquare which can work out where you are located. I have previously talked about using Geolocation services used for sourcing or stalking candidates, but it does have some other uses in online recruitment.
read more...Is your job board PCI DSS compliant?8:30am Monday 07 June 2010
Tags: pci dss job board compliance payment card industry data security standard credit card payments security visa mastercard pci dss access controls The most common method job boards use to accept payments is via a credit card. If you accept, process or store credit card information, you have to accept the responsibilities of being PCI compliant.
read more...Please review my CV - Trojan Horse10:35pm Tuesday 11 May 2010
Tags: virus resume job board recruitment website antivirus software resume virus security trojan horse trojan sasfis candidate resume Do you virus scan all candidate resumes and other documents before you open them? Chances are YOU may be the perfect candidate these people are looking for.
read more...Are you using WordPress for your Recruitment Website? Check your security12:01pm Monday 19 April 2010
Tags: wordpress wordpress recruitment website hack insecure software directory listings network solutions database password web application security wordpress job board software security Do you use WordPress? Are you aware of the security implications around the software? Over the past week, thousands of WordPress websites have been compromised with malicious malware code inserted into the database
read more...How secure is your Recruitment website? Part 5 - Cross-site scripting (XSS)8:00am Tuesday 30 March 2010
Tags: cross site scripting xss insecure recruitment websites job board security how secure is your recruitment website defacement dmitry kulshitsky untrusted data According to OWASP, cross-site scripting (XSS) flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation and escaping. XSS allows attackers to execute script in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
read more...jobs.govt.nz igovt login system5:30pm Tuesday 15 December 2009
Tags: igovt igovt login identiy verification system new zealand government government jobs.govt.nz government jobs ivs openid facebook connect security fairfax digital mycareer username password user system identity theft identity management systems user authentication Over the past few years, the New Zealand government has been working on a single all-of-government logon service (igovt) and identity verification service (IVS). This will allow users to use the same logon details to access all participating government service provider's online services.
read more...Rejecting Candidates based on IP Address2:48pm Friday 30 October 2009
Tags: candidates rejection ip address ip blocking discrimination security candidate rejection overseas candidate pay for performance migration job board job site We now rely on using technology in the recruitment process more than ever. But should we place 100% of our trust in rejecting candidates based solely on their IP address?
read more...Is your Job Site redirecting Candidates to insecure websites?5:30pm Wednesday 07 October 2009
Tags: api hacking google safe browsing api job board recruitment website safety security php script md5 hash malware blacklist phishing database email encryption exploit mysql privacy sql injection vulnerability identity theft Have you ever clicked on what you thought was a safe website URL and then all of a sudden your browser/antivirus software blocks the webpage? Every day, I am alerted to yet another recruitment website falling victim to some sort of security incident. If you own or manage a website, YOU are responsible for your website’s security and have an implied "duty of care" to provide safe 3rd party links.
read more...How secure is your Recruitment website? Part 4 - SQL Injection11:17am Wednesday 19 August 2009
Tags: hacking security job board recruitment websites malicious code sql injection insecure job search form testing apostrophe hack database security identity theft Database security is a huge issue at the moment - imaging having your whole database stolen and distributed to your competitors or being used for identity theft? SQL Injection attacks present a serious threat to the security of a recruitment website and it is essential that adequate countermeasures are taken to prevent such an attack from being successful.
read more...My job site has been hacked. What do I do?10:16pm Sunday 05 July 2009
Tags: security job board malicious code insecure hacking personal information defacement privacy.gov.au information security security breaches recruitment website wordpress drupal google webmaster tools damage control If you think your website is safe, think again. Over the weekend 6 job sites were hacked and defaced. One of the first things that comes to my mind when I see that horrible “You’ve been hacked” message is… I wonder what information has been stolen? passwords, contact details, resumes, credit card/banking details, etc.
read more...How secure is your Recruitment website? Part 3 - Hidden iframe injection6:06pm Thursday 18 June 2009
Tags: virus ahri hrcareers.com.au iframe injection malicious code recruitment websites job board security hacking insecure twitter malware A new malware attack has been making the rounds recently. It has infected a number of recruitment web sites, job boards and hosting servers. If you suddenly find that your website is triggering your anti-virus software and flagging it as a “dangerous site”, the culprit may be the hidden iframe injection hack.
read more...How secure is your Recruitment website? Part 2 - URL Manipulation1:20pm Saturday 06 June 2009
Tags: insecure job board recruitment website hacking security url manipulation url hacking url rewriting URL manipulation is a common issue faced in all database driven sites such as job boards, resume databases, blogs or any other site where parameters are passed via the URL. By manipulating certain parts of a URL, users may be able to access files they are not supposed to have access to.
read more...How secure is your Recruitment website? Part 1 - Server Directory Listings9:08pm Thursday 28 May 2009
Tags: hacking security rcsa recruitment website job board insecure careerone monster server directory listings Every day, I am informed of another insecure recruitment website. How could this still be possible? The economic downturn has lead to an increase in data theft, with recruitment agencies one of the easiest targets. Information is an asset that, like other important business assets, has value.
read more...HTML Special Character #39 - The Apostrophe11:23am Friday 15 May 2009
Tags: testing search form online recruitment recruitment agency job board html special characters apostrophe talent2 scott recruitment ross human directions linkme legal jobs centre jobspeed jobs.co.nz jobsjobsjobs greythorn dfp recruitment clements archijobs absolute security hacking If you do not encode special characters in web forms, you run the risk of breaking the search query or the ability to insert malicious code into the database. Hackers can infiltrate your website, potentially stealing confidential data or deleting the database. I am not going to go into the technical reasons why this happens, but in most cases it is a very easy fix.
read more...
