Written on July 8, 2008 by Administrator
Top Ten Reasons why Websites Get Hacked
Experts say most Web applications can be hacked. Here are the top ten vulnerabilities that could put your Web site at risk.
1. Cross site scripting
2. Injection flaws
3. Malicious file execution
4. Insecure direct object reference
5. Cross site request forgery
6. Information leakage and improper error handling
7. Broken authentication and session management
8. Insecure cryptographic storage
9. Insecure communications
10. Failure to restrict URL access
SOURCE: OWASP (the Open Web Application Security Project)
Related links for added reading: NetworkWorld.com
Written on June 7, 2008 by Administrator
Probe : Unusual attempts to gain access to or discover something about a system.
Scan : Many probes done using an automated tool.
Account Compromise : Unauthorized use of a computer account by someone other than the account owner.
Root Compromise : Similar to an account compromise, except that the account that has been compromised has special privileges on the system.
Packet Sniffer : A program that captures data from information packets as they travel over the network.
Denial of Service : The goal of denial-of-service attacks is to prevent legitimate users of a service from using it.
Exploitation of Trust : Computers on networks often have trust relationships with one another. For example, before executing some commands, the computer checks a set of files that specify which other computers on the network are permitted to use those commands. If attackers can forge their identity, appearing to be using the trusted computer, they may be able to gain unauthorized access to other computers.
Malicious Code : Programs like viruses, worms and Trojan horses.
Internet Infrastructure Attacks : Rare attacks on network name servers, network access providers, and large archive sites.
Source
Written on May 27, 2008 by editor
by: Djai Tanji
Google is now adding Web security for net surfing and remote workers to its Google Apps set of office tools. Google Web Security for Enterprise comprises real-time malware protection and URL filtering with policy implementation and reporting, made possible by Postini, the security vendor Google acquired last year. An additional feature extends the same protections to users who work remotely on laptops in cafes, hotels, restaurants and guest networks. This allows companies to protect their networks from Web-based malware and implement internet use policies at the user, workgroup and company level, and Google Web Security provides comprehensive reporting on all web activities.
Written on May 23, 2008 by editor
by: Djai Tanji
McAfee and Yahoo announced a partnership on Web security in which Yahoo’s search engine shows users warnings about unwanted and malicious code on Web sites, detected through McAfee’s security technology. McAfee calls the technology SiteAdvisor, and it has been integrated into Yahoo’s search engine so that a user, after performing a search, sees the flagged sites after clicking “searchscan.” However, no Yahoo advertisers will be picked up and flagged by SiteAdvisor. The Yahoo security warning system does not block users from accessing the page but recommends avoiding the flagged content. By steering users away from malicious websites, Yahoo will reduce the channels available for spam, adware, malware and phishing to spread.
Written on May 20, 2008 by editor
by: Djai Tanji
The large-scale SQL injection attacks that struck Microsoft-based websites claimed as one of their victims Autoweb, a U.K.-based advertising and marketing site. The continuous attack on Autoweb exploited a vulnerability in a single line of code in the web application to get through to the company’s Microsoft SQL database and knock the site offline. Autoweb’s IT staff then realized that database tables which store content provided by car dealers had been overwritten with a 30-character script, and that gave them a window of opportunity. Autoweb blocked the attacks by looking at log files, which showed that they originated from IP addresses in China. Autoweb made daily backups and asked for assistance from Secerno, a U.K.-based firm, to build a database security appliance.
Written on May 16, 2008 by editor
by: Djai Tanji
ScanSafe offers “Web Security as a Service” as its report presents the state of global information security threats. ScanSafe provides this as a managed service, which means that there is nothing for customers to install or maintain on-premise; it routes its clients’ web traffic through secure proxies that scan content in real time, securing them from malware and giving them a way to impose acceptable web usage policies. ScanSafe scanned more than 80 billion web requests and blocked more than 800 million web threats in 2007 on behalf of corporate customers in more than 50 countries. Password-stealing malware was the most frequent type of attack among the blocked events, at about 37% of total attacks.
Written on May 10, 2008 by editor
by: Djai Tanji
When you connect to the internet, an IP address is used to identify your PC, which means that your IP address is public. So if you do not use security, your IP address can be used to access your computer from the outside world. The bad news is that if you have a fixed IP address, internet crackers have a lot of time to search for entrances into your computer and gain access to your unprotected private data. But if you are using a modem with a dial-up connection, you get a new IP address each time you connect to the net. DSL and cable internet are examples of fixed internet connections.
Written on May 8, 2008 by editor
by: Djai Tanji
The bad news is that many Microsoft Windows users are not aware of common security leaks in their network settings. The common setup for Microsoft Windows network computers is: Client for Microsoft Networks, NetBEUI Protocol, File and Printer Sharing for Microsoft Networks, and Internet Protocol TCP/IP. But if your setup allows NetBIOS over TCP/IP, you can have a security problem, because this means that your files can be shared all over the web, and that your log-on name, computer name and workgroup name will be visible to the public. Also, if your setup allows File and Printer Sharing over TCP/IP, this also means that your files can be shared all over the net. And being disconnected from any network does not mean that you’re safe: your computer can still have dangerous settings, because your network settings were changed when internet access was installed.
Written on May 5, 2008 by editor
by: Djai Tanji
Previously, when a website used Secure Sockets Layer (SSL) and the traffic was encrypted, it was considered as good as a secured website. Unfortunately, encryption, or that little lock that usually appears in your browser, does not completely make a website secure: if the site you are submitting personal data to contains a vulnerability, an attacker can steal your data. Some sites may display logos saying “secured by ____” but you should not rely on that. A website owner can just copy the image and save thousands of dollars by doing that. Keep in mind that there are specific rules about web security for certain types of sites as well.
Written on May 2, 2008 by editor
by: Djai Tanji
RSS was once known only as a “techie tool” but has grown at lightning speed and has become a tool that is continuously being used by the general population. RSS security has been questioned as it gains enormous popularity. It is in RSS podcasting that its vulnerabilities lie. RSS can be used to distribute file types like Word documents, images, mp3 files, etc., which can be a cause for concern, although most people may not feel that the risk is significant. They think that because they choose the content that they receive in their mails, security should not be something to worry about, which is quite wrong. The danger lies in the fact that many RSS readers, pod-catchers and news aggregators automatically download the information contained in the enclosure field regardless of its file type or source.
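As an added example (not part of the original post), here is one way an aggregator could vet the enclosure field before downloading anything, instead of fetching it regardless of file type or source. The allowlists, function names and sample feed are assumptions constructed for illustration.

```python
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Policy values are assumptions for this example, not taken from the post.
ALLOWED_TYPES = {"audio/mpeg": {".mp3"}, "audio/mp4": {".m4a"}}
ALLOWED_HOSTS = {"media.example.org"}  # media hosts of feeds the user subscribed to

# Constructed sample feed (not from a real site).
SAMPLE_FEED = """<rss version="2.0"><channel><title>Constructed feed</title>
<item><title>Episode 1</title>
  <enclosure url="https://media.example.org/ep1.mp3" length="1048576" type="audio/mpeg"/></item>
<item><title>Notes</title>
  <enclosure url="https://media.example.org/notes.doc" length="20480" type="application/msword"/></item>
<item><title>Mislabelled</title>
  <enclosure url="https://media.example.org/setup.exe" length="4096" type="audio/mpeg"/></item>
<item><title>Other host</title>
  <enclosure url="http://files.example.net/ep2.mp3" length="1048576" type="audio/mpeg"/></item>
</channel></rss>"""


def check_enclosure(url, mime):
    """Return (allowed, reason) for one enclosure's url and type attributes."""
    parts = urlparse(url)
    if parts.scheme != "https":
        return False, "scheme not https"
    if parts.hostname not in ALLOWED_HOSTS:
        return False, "host not allowlisted"
    if mime not in ALLOWED_TYPES:
        return False, "type not allowlisted"
    # The declared type is set by the feed author, so cross-check the file extension.
    ext = posixpath.splitext(parts.path)[1].lower()
    if ext not in ALLOWED_TYPES[mime]:
        return False, "extension does not match declared type"
    return True, "ok"


def review_feed(xml_text):
    """Map each item title to the download decision for its enclosure."""
    # Untrusted feeds: prefer a hardened XML parser in production.
    root = ET.fromstring(xml_text)
    decisions = {}
    for item in root.iter("item"):
        enc = item.find("enclosure")
        if enc is not None:
            decisions[item.findtext("title", "")] = check_enclosure(
                enc.get("url", ""), enc.get("type", ""))
    return decisions


if __name__ == "__main__":
    for title, (ok, reason) in review_feed(SAMPLE_FEED).items():
        print(f"{'DOWNLOAD' if ok else 'SKIP':8} {title}: {reason}")
```

Both the declared type and the extension are chosen by whoever publishes the feed, so a file that passes this check should still be content-scanned after download.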