Archive for the ‘Security’ Category
Hostulan on August 11th, 2008
If web application security is not taken care of, meaning that web application vulnerability is allowed to happen, then your entire database of sensitive information is at serious risk. Recent research shows that 75% of cyber attacks are done at web application level. Hence ensuring web application security is crucial. Firewalls and SSL provide no web application security nor protection against web application hacking, simply because access to the website has to be made public.
Web applications often have direct access to backend data such as customer databases and, hence, control valuable data and are much more difficult to secure. Some hackers, for example, will take advantage of web application vulnerabilities and may maliciously inject code within vulnerable web applications to trick users and redirect them towards phisphing sites.
Hostulan on August 10th, 2008
A new SQL injection attack that had infected thousands of MSSQL-based web servers this past weeks, is turning them into malware delivery websites. Basically this new attack apparently changes the websites to have javascript which will make your visitors to receive malware as if you were the one who added them.Sites using sybase are very vulnerable to this malware.
‘Similar to phishing, this attack takes advantage of the website visitor’s trust in the site they are visiting. Instead of phishing for information, however, malware is sent to the client, which the client has a higher likelihood of accepting being from a trusted site.
Hostulan on August 1st, 2008
One of the many security issues in websites and wich is very common now at days is the SQL Injection which is one of the many web attack mechanisms used by hackers to steal data from websites.Basically It is the type of attack that takes advantage of not well coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database.
The thing with sql injection is that if a hacker is able to send sql commands through your web applications, he can basically delete edit and do new tables in u mysql databases. Some of the things you can do to prevent this injection sql is to have in ur web hosting server a firewall wich can help to stop some intrusions.
Hostulan on July 25th, 2008
A lot of worms are spread in the internet and one of this new worms its very tricky since this new worm disguises itself as an image file. Don’t ever accept an installation message for an image file. An image file should never ask you to install it. The worm is similar to the CommWarrior mobile virus, and initially fooled researchers into believing that it was not new. So if you receive any installation program never accept it unless you started it yourself.
Hostulan on June 14th, 2008
Now at days more malware threats appear everyday and to be up to date of the upcoming malware threats in the coming year is very important so we can prevent them. This malware menaces are comming new everyday such as badvertising, adsploits, anti-social networking, lieware, and whaling. Some of this malware are refer to criminal advertising using terms like “spam,” “adware,” and “spyware.” also some of this advertising contain trojans which can be found from potentially malicious providers.
Gaming PageRank to get one’s malware site prominent placement on a search result page has proven to be an effective way to compromise the computers of unwary visitors. Snookies, which stands for sneaky cookies, or subdomain cookies, look like they’re coming the Web domain of the site visited, but the subdomain they come from. Also cyber criminals step up efforts to pillage personal information from the likes of Facebook, MySpace, and Orkut. Google squashed the Orkut worm that emerged in December quite quickly but it’s a safe bet that schemes to steal social networking data will become more common.
Hostulan on June 3rd, 2008
There are a lot malware attacks in the internet and one of those is DDoS attack mechanisms; one of the more well known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware and no further interaction was necessary to launch the attack.
It is important to note the difference between a DDoS and DoS attack. If an attacker mounts a smurf attack from a single host it would be classified as a DoS attack. In fact, any attack against availability would be classed as a Denial of Service attack. On the other hand, if an attacker uses a thousand zombie systems to simultaneously launch smurf attacks against a remote host, this would be classified as a DDoS attack.
