Entries Categorized as 'Web Security'

Web vulnerabilities

Date July 8, 2008

Top Ten Reasons why Websites Get Hacked

Experts say most Web applications can be hacked. Here are the top ten vulnerabilities that could put your Web site at risk.

1. Cross site scripting
2. Injection flaws
3. Malicious file execution
4. Insecure direct object reference
5. Cross site request forgery
6. Information leakage and improper error handling
7. Broken authentication and session management
8. Insecure cryptographic storage
9. Insecure communications
10. Failure to restrict URL access

SOURCE: OWASP (the Open Web Application Security Project)

Related links for further reading: NetworkWorld.com

Types of Network/Internet Security Incidents

Date June 7, 2008

Probe : Unusual attempts to gain access to, or discover something about, a system.

Scan : Many probes done using an automated tool.

Account Compromise : Unauthorized use of a computer account by someone other than the account owner.

Root Compromise : Similar to an account compromise, except that the account that has been compromised has special privileges on the system.

Packet Sniffer : A program that captures data from information packets as they travel over the network.

Denial of Service : The goal of denial-of-service attacks is to prevent legitimate users of a service from using it.

Exploitation of Trust : Computers on networks often have trust relationships with one another. For example, before executing some commands, the computer checks a set of files that specify which other computers on the network are permitted to use those commands. If attackers can forge their identity, appearing to be using the trusted computer, they may be able to gain unauthorized access to other computers.

Malicious Code : Programs like viruses, worms and Trojan horses.

Internet Infrastructure Attacks : Rare attacks on network name servers, network access providers, and large archive sites.

Source
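The post distinguishes a probe (a single unusual attempt) from a scan (many probes made with an automated tool). As an added example that is not part of the original post, the following Python applies that distinction to firewall-style drop records: a source becomes a "scan" when it touches several distinct ports within a short window. The log format, the sample lines and the thresholds are all assumptions made for this example.

```python
"""Classify log sources as isolated probes or automated scans.

Added example, not from the original post. The record layout, the sample
records and the thresholds are assumptions for the example.
"""
import re
from collections import defaultdict
from datetime import datetime

# Assumed record layout; the sample below is constructed, not real traffic.
LINE_RE = re.compile(r"^(?P<ts>\S+) DROP src=(?P<src>\S+) dst=\S+ dport=(?P<dport>\d+)$")

SAMPLE_LOG = """\
2008-06-07T10:00:01 DROP src=192.0.2.10 dst=203.0.113.5 dport=22
2008-06-07T10:00:02 DROP src=192.0.2.10 dst=203.0.113.5 dport=23
2008-06-07T10:00:02 DROP src=192.0.2.10 dst=203.0.113.5 dport=25
2008-06-07T10:00:03 DROP src=192.0.2.10 dst=203.0.113.5 dport=80
2008-06-07T10:00:04 DROP src=192.0.2.10 dst=203.0.113.5 dport=143
2008-06-07T10:00:09 DROP src=198.51.100.7 dst=203.0.113.5 dport=3389
2008-06-07T10:30:00 DROP src=198.51.100.7 dst=203.0.113.5 dport=22
"""

def parse(log_text):
    """Yield (timestamp, source, destination port) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], int(m["dport"])

def classify_sources(log_text, window_seconds=60, scan_ports=5):
    """Return {source: "scan" | "probe"}: a scan hits at least scan_ports
    distinct ports inside some window_seconds span; anything less is a probe."""
    hits_by_src = defaultdict(list)
    for ts, src, dport in parse(log_text):
        hits_by_src[src].append((ts, dport))
    verdict = {}
    for src, hits in hits_by_src.items():
        hits.sort()
        verdict[src] = "probe"
        start = 0
        for end in range(len(hits)):
            # Advance the window start until the span fits in window_seconds.
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1
            if len({port for _, port in hits[start:end + 1]}) >= scan_ports:
                verdict[src] = "scan"
                break
    return verdict
```

Running `classify_sources(SAMPLE_LOG)` flags 192.0.2.10 as a scan and 198.51.100.7 as a probe, because its two hits are half an hour apart.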

How do you know that you have a secure site?

Date May 5, 2008

by: Djai Tanji

Previously, when a website used Secure Sockets Layer (SSL) and the traffic was encrypted, it was considered as good as a secure website. Unfortunately, encryption, or that little lock that appears in your browser, does not by itself make a website secure: if the site you are submitting personal data to contains a vulnerability, an attacker can still steal your data. Some sites display logos reading “secured by ____”, but you should not rely on that; a website owner can simply copy the image and save thousands of dollars by doing so. Keep in mind as well that there are specific rules about web security for certain types of sites.

FBI Director to Monitor Internet Activity

Date April 17, 2008

The FBI called for new legislation that would allow the federal police to keep a close watch on internet activity in order to track down illegal activities. This seems to go beyond a current plan to monitor traffic on federal-government networks, and would give the bureau a broad “omnibus” authority to conduct monitoring and surveillance of private-sector networks as well. This could violate the Fourth Amendment’s guarantee of freedom from unreasonable searches and seizures. In general, courts have ruled that police need search warrants to obtain the content of communications.

Source

Removing Spyware

Date April 15, 2008

Suspect spyware on your system? Here are some tips on how to get rid of spyware on your computer:

1. Get, install and periodically run Ad-aware and Spybot Search & Destroy.
2. To prevent reinfection by Aureate/Radiate, search for advert.dll on your system. If it’s there and you are able to, delete it (Ad-aware will do this for you). Then create an empty text file, name it advert.dll, make it read-only and save it in your Windows/System directory. Finally, configure Ad-aware (version 5 or later) to ignore advert.dll.

Beware of Spyware

Date April 10, 2008

Spyware is computer software classified as privacy-invasive. It is installed covertly on a personal computer. Once installed, it can monitor the user’s behavior and collect personal information such as surfing habits and the sites visited. It can interfere with the user’s control of the computer by installing additional software, redirecting web browser activity, blindly accessing websites that will cause further harmful virus infections, or diverting advertising revenue to a third party. It can change computer settings, resulting in slow connection speeds, a different home page, and loss of Internet access or of other programs.

What is an IDS?

Date April 8, 2008

An IDS, or Intrusion Detection System, is a system that detects the misuse of network or computer resources. It uses a number of sensors to detect intrusions, for example a sensor that monitors TCP connection requests, log file monitors, or file integrity checkers.

The IDS collects data from its sensors and analyzes it in order to alert the administrator if there is malicious activity on the network. IDSs are commonly divided into NIDS (Network Intrusion Detection Systems) and HIDS (Host Intrusion Detection Systems). Newer NIDS also attempt to act as NIPS (Network Intrusion Prevention Systems). An example of an excellent open source Network Intrusion Detection System is Snort.
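The post names file integrity checkers as one kind of IDS sensor. As an added example that is neither part of the original post nor Snort's code, the Python below implements that host-side sensor: it records a baseline of SHA-256 digests for a directory tree and later compares a fresh snapshot against it, reporting files that were added, removed or modified. The directory contents in `demo()` are constructed for the example.

```python
"""File integrity checker, one of the host-side IDS sensors the post lists.

Added example, not from the original post and not Snort's code. The sample
directory contents in demo() are constructed for the example.
"""
import hashlib
import os
import tempfile

def file_digest(path):
    """SHA-256 of a file, read in chunks so large files stay out of memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map every regular file under root (by relative path) to its digest."""
    digests = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                digests[os.path.relpath(full, root)] = file_digest(full)
    return digests

def compare(baseline, current):
    """Return sorted lists of added, removed and modified paths."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p]),
    }

def check(root, baseline):
    """Sensor entry point: alert strings for any drift from the stored baseline."""
    diff = compare(baseline, snapshot(root))
    return [f"{kind}: {path}" for kind in ("added", "removed", "modified") for path in diff[kind]]

def demo():
    """Baseline a temporary directory, tamper with one file, return the alerts."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "passwd"), "w") as f:
            f.write("root:x:0:0\n")
        baseline = snapshot(root)        # known-good state; keep it off the monitored host
        with open(os.path.join(root, "passwd"), "a") as f:
            f.write("eve:x:0:0\n")       # simulated tampering
        return check(root, baseline)
```

A real deployment stores the baseline somewhere the monitored host cannot rewrite it, since an intruder with root can otherwise re-baseline after tampering.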

Accounting (The AAA Protocol Part 3)

Date April 4, 2008

Accounting refers to the tracking of the consumption of network resources by users. This information may be used for management, planning, billing, or other purposes. Real-time accounting refers to accounting information that is delivered concurrently with the consumption of the resources. Batch accounting refers to accounting information that is saved and delivered at a later time. Typical information gathered in accounting includes the identity of the user and the nature of the service delivered.

Authorization (The AAA Protocol Part 2)

Date April 3, 2008

Authorization is the granting of specific types of privileges (or the barring of privileges) to a device or a user based on their previous authentication, the privileges they are requesting, and the current system state. This may be based on restrictions, for example time-of-day restrictions, physical location restrictions, or restrictions against multiple logins by the same user. Most of the time the granting of a privilege constitutes the ability to use a certain type of service. Examples of types of service include, but are not limited to: IP address filtering, address assignment, route assignment, QoS/differential services, bandwidth control/traffic management, compulsory tunneling to a specific endpoint, and encryption.

The AAA Protocol (Part 1)

Date April 2, 2008

The AAA Protocol (Authentication, Authorization, and Accounting) is a model designed to make computers secure.

Authentication is proving who you are. It refers to the process of establishing the digital identity of one entity to another entity (a user, client, computer, etc. to a server or computer). It is traditionally accomplished using passwords but can also include two-factor authentication, one-time tokens, digital certificates, phone numbers, and biometrics. This comes before authorization because the entity’s identity must be checked before it is allowed access to the system.
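Parts 2 and 3 above describe authorization decisions (time-of-day restrictions, restrictions against multiple logins) and the accounting records that follow them. As an added example that is not part of the original posts, the Python below models that flow for a user who has already been authenticated: a per-user policy grants or bars a service, and each decision is written to a ledger in real time. The usernames, service names and record layout are assumptions made for the example.

```python
"""Authorization and accounting for an already-authenticated user.

Added example, not from the original posts. Users, services and the record
layout are assumptions for the example.
"""
from dataclasses import dataclass, field
from datetime import datetime

@dataclass
class Policy:
    services: set                  # services this user may use, e.g. {"vpn"}
    hours: tuple = (0, 24)         # permitted [start, end) hour of day
    max_sessions: int = 1          # restriction against multiple logins

@dataclass
class AAAServer:
    policies: dict                                 # username -> Policy
    sessions: dict = field(default_factory=dict)   # username -> active logins
    ledger: list = field(default_factory=list)     # accounting records

    def authorize(self, user, service, now_iso):
        """Return (granted, reason); now_iso is an ISO-8601 timestamp string."""
        policy = self.policies.get(user)
        if policy is None:
            return False, "no policy for user"
        if service not in policy.services:
            return False, "service not permitted"
        start, end = policy.hours
        if not start <= datetime.fromisoformat(now_iso).hour < end:
            return False, "outside permitted hours"
        if self.sessions.get(user, 0) >= policy.max_sessions:
            return False, "too many concurrent logins"
        return True, "ok"

    def start_session(self, user, service, now_iso):
        """Authorize, then record the outcome immediately (real-time accounting)."""
        granted, reason = self.authorize(user, service, now_iso)
        if granted:
            self.sessions[user] = self.sessions.get(user, 0) + 1
        self.ledger.append({"user": user, "service": service, "when": now_iso,
                            "granted": granted, "reason": reason})
        return granted

    def end_session(self, user):
        """Release one login slot when the user disconnects."""
        self.sessions[user] = max(0, self.sessions.get(user, 0) - 1)
```

Denied requests are recorded too, so the ledger doubles as an audit trail of attempts outside policy.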