Archive for September, 2009

DrupalCon Paris Wrapup: Securing Your Drupal Installation from CSRF and XSS

by FireHost Evangelist on September 29th, 2009

If you weren’t able to attend DrupalCon Paris at the beginning of the month, well… frankly, you’re not alone. Many of our Western counterparts didn’t make the trek to gay Paris. We didn’t go either, but we’ve decided to direct our effort away from being bitter about missing the show to bringing you some of the great updates from Drupal.

One of our favorite excerpts is by Heine Deelstra. Mr. Deelstra is a member of the Drupal Security Team, and he has been a Drupal user for over 4 years. His presentation at DrupalCon focuses on securing Drupal code.

In an exceptionally thorough explanation of some of the biggest threats to Drupal users, Mr. Deelstra reveals the most prevalent and annoying hacker exploits. His presentation explores the causes of attacks such as Access Bypass, SQL Injection, CSRF (Cross-Site Request Forgery), and XSS (Cross-Site Scripting). In summary:


Tweet to Win a Wacom Bamboo Pen and Touch Pad

by FireHost Evangelist on September 29th, 2009

This week, we’re participating in InspiredMag’s Freebie Tuesday Promotion to offer two creative professionals the chance to win their very own Wacom Bamboo Pen & Touch pad.

  • Step 1: Follow @FireHost and @InspiredMag on Twitter
  • Step 2: Tweet the following phrase as many times as you’d like between Tuesday 9/29 and Monday 10/7 for a chance to win! “Get a Free Wacom Bamboo Pen & Touch from @FireHost and @InspiredMag http://bit.ly/Tfk2M”

You can improve your chances of winning the contest by posting a comment on InspiredMag’s contest page.

Good luck!

Inquisitive Hackers Compromise Curious George Website

by FireHost Evangelist on September 25th, 2009

The website of the Curious George children’s television show, which is run by the Public Broadcasting Service (PBS), was propagating malware from at least Monday until Thursday last week.

Nidhi Shah, a research scientist at Purewire, told SCMagazineUS.com, “It’s not clear how hackers were able to break into the site, but it is possible that they obtained the credentials to an FTP account or exploited an SQL injection vulnerability.”

The exploit manifested as a pop-up asking visitors to authenticate their session with a username and password before viewing the site contents. When users canceled the message screen or entered the wrong credentials, an error page informed them that they had failed to log in properly. That error page contained JavaScript code which loaded malware from an exploit site targeting a number of known software vulnerabilities in Adobe Acrobat Reader, AOL Radio AmpX, SuperBuddy, and Apple QuickTime. Any user not patched against these bugs received the malware.


The Koobface Social Networking Virus Spreads Beyond Facebook and IE

by FireHost Evangelist on September 22nd, 2009

The Koobface social networking Trojan has plagued Internet Explorer users for over a year now.

Back in December, the worm manifested as Facebook spam messages with video links. Once clicked, viewers were prompted to download Trojan malware disguised as a Flash Player upgrade. Anyone who followed the on-screen prompts installed Koobface’s proxy server on his or her computer and became a conduit for ad-jacking and click-fraud schemes.

Today, Koobface carries out basically the same scheme in a similar way, but reports about the latest variant of the Trojan reveal that Firefox users are now susceptible to the hack.

Firefox was “protected” from earlier versions of Koobface because the browser stores cookies in different locations and formats than Internet Explorer. The new variant employs a tool capable of transforming credentials saved in Firefox’s proprietary format into a style compatible with IE, which lets the rest of Koobface’s payloads work as usual.


Vulnerability Exploitation Trends: Web Applications Outpace Operating Systems

by FireHost Evangelist on September 18th, 2009

According to a report by SANS.org, OS vulnerabilities are patched more quickly than client-side vulnerabilities on average. In addition, some client-side software remains unpatched or is not updated throughout its lifespan. As a result, hackers have found exploiting popular client-side applications such as Adobe PDF Reader, QuickTime, Adobe Flash, and Microsoft Office to be quite lucrative.

Attacks against popular web applications such as these constitute more than 60% of all attacks on the Internet, and some of the exploits don’t even require a user to open the downloaded document or file. Victims’ computers may be compromised simply by visiting an infected website that appears to belong to a trustworthy, well-known software brand.

Client-side vulnerabilities are so powerful because they give hackers a mask behind which to carry out exploits. Users feel confident downloading files from trusted sources or using tools and applications such as Microsoft SQL, FTP, and SSH that are perceived to be safe because of their popularity and industry-wide user acceptance.
