Archive for September, 2009

DrupalCon Paris Wrapup: Securing Your Drupal Installation from CSRF and XSS

by FireHost Evangelist on September 29th, 2009

If you weren’t able to attend DrupalCon Paris at the beginning of the month, well… frankly, you’re not alone. Many of our Western counterparts didn’t make the trek to gay Paris. We didn’t go either, but we’ve decided to direct our effort away from being bitter about missing the show to bringing you some of the great updates from Drupal.

One of our favorite excerpts is by Heine Deelstra. Mr. Deelstra is a member of the Drupal Security Team, and he has been a Drupal user for over 4 years. His presentation at DrupalCon focuses on securing Drupal code.

In an exceptionally thorough explanation of some of the biggest threats to Drupal users, Mr. Deelstra reveals the most prevalent and annoying hacker exploits. His presentation explores the causes of attacks like Access Bypass, SQL Injection, CSRF (Cross-Site Request Forgery), and XSS (Cross-Site Scripting). In summary:

(more…)

Tweet to Win a Wacom Bamboo Pen and Touch Pad

by FireHost Evangelist on September 29th, 2009

This week, we’re participating in InspiredMag’s Freebie Tuesday Promotion to offer two creative professionals the chance to win their very own Wacom Bamboo Pen & Touch pad.

  • Step 1: Follow @FireHost and @InspiredMag on Twitter
  • Step 2: Tweet the following phrase as many times as you’d like between Tuesday 9/29 and Monday 10/7 for a chance to win! “Get a Free Wacom Bamboo Pen & Touch from @FireHost and @InspiredMag http://bit.ly/Tfk2M”

You can improve your chances of winning the contest by posting a comment on InspiredMag’s contest page.

Good luck!

Inquisitive Hackers Compromise Curious George Website

by FireHost Evangelist on September 25th, 2009

The Curious George children’s television show, which is run by the Public Broadcasting Service (PBS), was propagating malware from at least Monday until Thursday last week.

Nidhi Shah, a research scientist at Purewire, told SCMagazineUS.com, “It’s not clear how hackers were able to break into the site, but it is possible that they obtained the credentials to an FTP account or exploited an SQL injection vulnerability.”

The exploit manifested as a pop-up asking visitors to authenticate their session with a username and password before viewing the site contents. When users canceled the message or entered the wrong credentials, an error page informed them that they had failed to log in properly. That error page contained JavaScript code which loaded malware from an exploit site targeting a number of known software vulnerabilities in Adobe Acrobat Reader, AOL Radio AmpX and SuperBuddy, and Apple QuickTime. Any user not patched against these bugs received the malware.

(more…)

The Koobface Social Networking Virus Spreads Beyond Facebook and IE

by FireHost Evangelist on September 22nd, 2009

The Koobface social networking Trojan has plagued Internet Explorer users for over a year now.

Back in December, the worm manifested as Facebook spam messages with video links. Once clicked, viewers were prompted to download Trojan malware disguised as a Flash Player upgrade. Anyone who followed the on-screen prompts installed Koobface’s proxy server on his or her computer and became a conduit for ad-jacking and click-fraud schemes.

Today, Koobface carries out basically the same scheme in a similar way, but reports about the latest variant of the Trojan reveal that Firefox users are now susceptible as well.

Firefox was “protected” from earlier versions of Koobface because the browser stores cookies in different locations and formats than Internet Explorer. The new variant employs a tool capable of transforming credentials saved in Firefox’s own format into a style compatible with IE, which lets the rest of Koobface’s payloads work as usual.

(more…)

Vulnerability Exploitation Trends: Web Applications Outpace Operating Systems

by FireHost Evangelist on September 18th, 2009

According to a report by SANS.org, OS vulnerabilities are patched more quickly than client-side vulnerabilities on average. In addition, some client-side software remains unpatched or is never updated throughout its lifespan. As a result, hackers have found exploiting popular client-side applications such as Adobe PDF Reader, QuickTime, Adobe Flash, and Microsoft Office to be quite lucrative.

Attacks against popular web applications such as these constitute more than 60% of all attacks on the internet, and some of the exploits don’t even require a user to open the downloaded document or file. Victims’ computers may be compromised simply by visiting an infected website that masquerades as a trustworthy, big software brand.

Client-side vulnerabilities are so powerful because they give hackers a mask behind which to carry out exploits. Users feel confident downloading files from trusted sources or using tools and applications such as Microsoft SQL, FTP, and SSH that are perceived to be safe because of their popularity and industry-wide user acceptance.

(more…)

SQL Injection Vulnerability Exposes Sensitive Details about Ride Share Users in S. California

by FireHost Evangelist on September 15th, 2009

Programming errors on RideMatch.info allow hackers to access names, home addresses, phone numbers, commuting schedules, and employee ID numbers for the service’s users, according to an article featured in The Register.

The RideMatch.info flaw stems from inadequate scrutiny of user-supplied text entered in search boxes and fields throughout the website. Hackers exploit the SQL injection vulnerability by passing commands directly to the back-end database.
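The defect described above, as an added illustration that is not code from the article or from RideMatch.info: a search field whose text is spliced into the SQL statement lets the database parse user input as part of the query, while a parameterized query binds the same text as a plain value. The `riders` table, its rows and the `sqlite3` stand-in for the site’s back-end database are all constructed for this example.

```python
import sqlite3

# Constructed sample data, not records from RideMatch.info.
SAMPLE_RIDERS = [
    ("Alice Example", "Acme Corp", "555-0100"),
    ("Bob Sample", "Acme Corp", "555-0101"),
    ("Carol Demo", "Globex", "555-0102"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory table resembling a ride-share member list."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE riders (name TEXT, employer TEXT, phone TEXT)")
    conn.executemany("INSERT INTO riders VALUES (?, ?, ?)", SAMPLE_RIDERS)
    return conn


def search_vulnerable(conn: sqlite3.Connection, employer: str) -> list:
    """The defect: the search term is pasted into the SQL text, so the
    database parses whatever the user typed as part of the statement."""
    sql = f"SELECT name FROM riders WHERE employer = '{employer}'"
    return [row[0] for row in conn.execute(sql)]


def search_parameterized(conn: sqlite3.Connection, employer: str) -> list:
    """The fix: the statement is fixed in advance and the term travels as a
    bound parameter, so it can only ever be compared as a string value."""
    sql = "SELECT name FROM riders WHERE employer = ?"
    return [row[0] for row in conn.execute(sql, (employer,))]


def demo() -> dict:
    """Run both versions against an honest search term and against the
    textbook tautology input, and return what each one discloses."""
    conn = make_db()
    honest = "Globex"
    crafted = "x' OR '1'='1"  # canonical textbook input, constructed here
    return {
        "honest_vulnerable": search_vulnerable(conn, honest),
        "honest_safe": search_parameterized(conn, honest),
        # Spliced in, the term turns the WHERE clause into a tautology and
        # the whole member list comes back.
        "crafted_vulnerable": search_vulnerable(conn, crafted),
        # Bound as a parameter, the same term matches no employer at all.
        "crafted_safe": search_parameterized(conn, crafted),
    }


if __name__ == "__main__":
    for label, names in demo().items():
        print(f"{label}: {names}")
```

The honest term returns the same single row either way; the difference only shows on input the developer did not anticipate, which is exactly the "inadequate scrutiny" the article describes. Binding parameters fixes the parsing problem at the source, so no input filtering on the search box is needed for this class of bug.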

The vulnerability was identified and reported in August by Kristian Hermansen, a security researcher who was required by his employer to sign up for the service. His report to The Register stated, “The reason I am bringing this to your attention is that the issue is not being fixed by the admins and most companies don’t even know that their employees’ personal and corporate information may have been compromised.”

To date, the exploit has exposed hundreds of employees’ sensitive information across several organizations in S. California, including at least one military entity.

(more…)

Windows 7 Flaw Allows Remote Attacks

by FireHost Evangelist on September 11th, 2009

Windows 7 will be available to the public in October. It’s chock-full of new features and sports a modern look and feel, but beta tester Laurent Gaffie has identified a serious vulnerability lurking in the colorful background.

This particular vulnerability, SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D., is considered Medium to High severity. It’s triggered when “SRV2.SYS fails to handle malformed SMB headers for the functionality,” says Gaffie.

The flaw lies in the Server Message Block 2 (SMB2) driver and allows hackers to mount a remote attack that could cause the infamous “blue screen of death” critical system error on both the 32-bit and 64-bit versions of Windows 7. Other comments on Gaffie’s blog indicate that the flaw puts your computer at risk of a DoS attack and could lead to remote code execution.

Gaffie contacted Microsoft; they are investigating the report but have no ETA on a patch. In the meantime, users can switch off the Server Message Block (SMB) feature or block TCP ports 139 and 445 at the firewall for protection.

Trojan Malware on the Rise, FraudTools and Infostealers Pose New Threats

by FireHost Evangelist on September 9th, 2009

We often hear malware referred to as a broad categorization for all bad things on the internet. In reality, however, there are many different types of attacks that make up this threat category.

Data collected on the geographical distribution of malware “phone home” locations in the first half of 2009 shows that the USA hosts 35% of malware worldwide, followed by China (14%) and Brazil (8%). Additionally, cyber criminals most often use TCP port 80 for downloading and HTTP to transfer and send infections, so they can avoid suspicion since both are very common protocols.

Trojan malware rose the most in popularity in samples collected between January and June this year, and the penetration of viruses increased slightly. PUPs, backdoors, and worms declined just a little. Here’s how each category contributed to malware as a whole.

  • Trojan (55%): Trojans perform a variety of malicious functions such as spying, stealing information, logging keystrokes and downloading additional malware.
  • Backdoor (21%): Backdoors provide functionality for a remote attacker to log on and/or execute arbitrary commands on the affected system.
  • PUP, a Potentially Unwanted Program (8%): PUPs are programs which the user may consent to installing but which may affect the security posture of the system or may be used for malicious purposes. Examples are adware, dialers and hacktools/“hacker tools” (which include sniffers, port scanners, malware constructor kits, etc.).
  • Worm (6%): Worms self-propagate via e-mail, network shares, removable drives, file sharing or instant messaging applications.
  • Virus (4%): Viruses propagate by infecting host files.

(more…)

Spam – Not Just a Tasty Lunchmeat

by FireHost Evangelist on September 4th, 2009

Unsuspicious HTML email (without attachments) has been and continues to be the dominant format for outgoing malicious spam. In the second quarter of 2009, however, spammers changed their strategy and started sending more plain-text and image-based email spam, according to IBM’s X-Force Team in the 2009 Mid-Year Trend & Risk Report.

The resurgence of image-based spam is interesting because this style of attack boomed in 2006-2007 but practically disappeared in 2008. Now that it’s back, there are some distinct trends in the subject, format, and techniques that make blocking these attempts fairly easy for most anti-spam filters.

  1. Most of the emails advertise pharmaceutical products (drugs, pills, etc.).
  2. Only a few of the emails use random pixels, and many have identical binaries.
  3. The messages contain random text below an embedded image.
  4. Most of the spam does not contain links that recipients can click; instead, it invites the user to visit a .com website that must be typed manually into a browser.
  5. WHOIS information shown on the images reflects domain registrars that are infamous for URL spam.

(more…)

Online Payment Institutions, the New Phishing Target

by FireHost Evangelist on September 1st, 2009

Overall, phishing attempts are down in the first half of 2009, as reported by IBM’s X-Force Team in the 2009 Mid-Year Trend & Risk Report.

The decrease is fueled by a decline in the number of traditional banks. Researchers speculate that this trend could be fueled by the financial crisis, or perhaps improved security measures when users log in to “real” banks online are playing a role. Make no mistake, however: hackers aren’t slowing down. They seem instead to be targeting online payment institutions, as reflected in the rise of such attacks over the last 18 months.

Phishing Targets by Industry

To further reinforce the movement toward online payment institutions, PayPal is mentioned in two of the top five phishing subject lines from this year. (PayPal appears four times if you extend the list to the top ten slots.)

(more…)