Archive for October, 2009
by FireHost Evangelist on October 30th, 2009
McAfee’s study, “The Security Paradox,” examines how small and medium-sized organizations that employ between 51 and 1,000 workers address IT security and growing cyber threats.
An overarching theme of the report is that SMBs around the world (and particularly in North America) believe they are too small and of too little value to hackers to be worth their time, but recent trends in hacker and cybercrime activity show that’s just not the case.
In reality, SMBs’ limited resources, inadequate security, and lack of technical expertise make them more vulnerable to cyber attack, and hackers are taking notice.
Jeff Green, Senior VP of McAfee Avert Labs confirmed, “High profile attacks [on larger enterprises] are becoming less frequent because they are often detected quickly. Attackers are favoring stealth attacks that quietly infiltrate systems [of small and medium businesses].”
To change this trend, small and medium-sized organizations will need to make significant shifts in their fundamental values and budgetary allocations.
Tags: cybercrime, Hackers, Secure Web Hosting, SMB security
by FireHost Evangelist on October 24th, 2009
The Guardian Jobs UK website was hacked Friday 10/23. The third party that runs the website has identified the manner in which the breach was carried out, but details have not been disclosed.
Users affected by the breach have been contacted by email and instructed to:
- Contact your creditors, even if they have not been affected, so that they can monitor your accounts to ensure they remain protected.
- Contact a credit reference agency: Callcredit, Equifax or Experian provide suggested steps to resolve the situation and prevent it happening again.
- Contact CIFAS protective registration: If you think you have been a victim of identity theft you should consider subscribing to CIFAS. This places a notice on your credit file indicating that your name and address may be used to perpetrate identity fraud.
Guardian Jobs confirmed that the US jobs site is independent of the UK operation and has not been affected.
by FireHost Evangelist on October 21st, 2009
The WordPress Development team has been working feverishly to launch the next big release (2.9) by the end of October. However, security vulnerabilities pose such a threat to their HUGE user base that they back-ported some of the 2.9 security patches into a version released yesterday – 2.8.5.
WordPress version 2.8.5 addresses the following security vulnerabilities:
- Fixes the Trackback Denial-of-Service (DoS) attack vulnerability
- Removes areas of code where PHP code in variables is evaluated
- Upgrades file upload functionality so that uploads are whitelisted for all users (including Admins)
- Retires two Tag data importers from old plug-ins
This interim release shows the WordPress Development Team’s commitment to protecting users with the maximum level of security they can provide. Impressive!
All WordPress users should harden their installation immediately by upgrading to this new version now. Upgrading your website is a great excuse to upgrade your hosting environment as well.
Ask yourself:
Tags: Secure Web Hosting, Wordpress Hosting, WordPress Security
by FireHost Evangelist on October 16th, 2009
Between TJ Maxx and Heartland Payment Systems, cyber thieves compromised a quarter of a million credit card numbers. Court records from the trial of Albert Gonzalez, a hacker who pleaded guilty to fraud and conspiracy charges in both cases, reveal just how easily the thieves behind these breaches were able to obtain the information.
Cyber Criminal Technique #1: War Driving
War driving means “cruising” for WiFi signals. Once detected, cybercriminals use FREE password-breaking software to intercept the signal broadcasting from any home or business.
Monitoring WiFi networks over time, cyberthieves can establish a virtual private network and connect directly to a server or database.
Cyber Criminal Technique #2: SQL Injection
SQL injections are a popular way for cybercriminals to get inside “protected networks”. In a SQL injection attack, the hacker types random characters into a web form, such as a login page. The attack may be carried out manually or using a robot to penetrate the form. Once inside, hackers can gain access to databases containing sensitive, personal information.
War driving and SQL injection attacks are the means to a cyber criminal’s end. Once the target server is breached, he or she implants a “sniffer” program. (Sniffers are widely available for free, and they are capable of logging all traffic moving across a network.) Savvy hackers have devised, and now sell, sniffers designed specifically to detect and record credit and debit card information.
Tags: cybercrime, data theft, SQL Injections, war driving
by FireHost Evangelist on October 14th, 2009
Even if you’re not a football fan, you’ve probably seen news about Argentinean Coach Diego Maradona’s website being defaced by a Peruvian fan/hacker “Elite-Peruvian”.
The website’s intended facade was replaced with a tearful picture of Maradona under the caption “We made you cry” after the Argentine team defeated Peru 2 to 1 on Saturday.
Under Maradona’s image, the hacker included a Peruvian team photo proclaiming “For the biggest cry baby of all time. We didn’t win at the football, but we did on the web!” And as a final insult, Elite-Peruvian threw in a soundtrack of Peruvian folk music playing in the background.
Details on how the hacker accessed Maradona’s website are forthcoming, but you can see images of the defacement on Graham Cluley’s blog. Referring back to Maradona’s 1986 FIFA World Cup quarter finals match, Mr. Cluley suggests Maradona seek a more concrete website security solution than the “Hand of God.”
We agree. For website security, FireHost may be the best option.
Tags: defaced, diego maradona, hacker, Website Security
by FireHost Evangelist on October 13th, 2009
This week, we’ve teamed up with Kyle Steed to celebrate the two-year anniversary of his blog.
In honor of Kyle’s commitment to bringing design-inspired news to you, we’re giving away a Flip Mino HD Recorder with a custom case designed by Mr. Steed himself!
Here’s how to win:
- Step 1: Follow @FireHost and @KyleSteed on Twitter
- Step 2: Tweet the following phrase as many times as you’d like between Tuesday 10/13 and Monday 10/19 for a chance to win! “Win a Flip Mino HD from @kylesteed and @firehost – celebrating two years http://bit.ly/1saiqi RT to participate!“
You can improve your chances of winning the contest by posting a comment on Kyle’s contest page.
Good luck!
Follow up:
Congratulations David Yarde! You won the custom Flip.
Tags: contests, flip camera, flip mino hd, kyle steed
by FireHost Evangelist on October 6th, 2009
Of the 285 million successful data breaches investigated by Verizon Business last year, 99% of the data was stolen from servers and applications, not desktops, mobile devices, or portable media. Additionally, over 90% of the 285 million successful data breaches involved organizations that provide financial services.
Experts attribute the proliferation of cybercrime in the Financial Services sector to the recent and lucrative trend toward personal identification number (PIN) fraud.
Hackers who successfully associate a stolen PIN with the appropriate credit card or debit account information can steal cash directly from the consumer’s account. This type of attack, where money is taken “legitimately” from checking, savings, and/or brokerage accounts is more difficult to trace and almost impossible for consumers to defend.
Cyber criminals have been quick to react to the vulnerability, re-engineering processing and developing new memory-scraping malware that makes it easy to obtain and store PIN details.
While Financial Services Organizations accounted for most of the data compromises, they were not the most targeted sector:
- Retail Industry #1 at approximately 33% of all attacks
- Financial Services #2 at approximately 30% of all attacks (highest growth, +16% from previous years)
- Food and Beverage Services #3 at approximately 14%
These statistics (30% of attacks, 90% of successful breaches) indicate that security measures presently in place with financial institutions are severely underdeveloped.
Tags: cyber criminals, PCI Compliance, pin fraud, Secure Web Hosting
by FireHost Evangelist on October 2nd, 2009
Client-side (or Personal Computer) vulnerabilities are “holes” in the operating system or applications that run on personal computers. In addition to the core operating system, email clients, browsers, document viewers, and multimedia applications are susceptible to exploits in this category.
The top trends in browser exploits for this year include:
- Web browsers in general made up the largest number of client-side vulnerabilities reported this year, and web browser plug-in ActiveX controls account for three of the top five most popular web browser exploits.
- New Firefox threat disclosures surpassed Microsoft Internet Explorer’s new disclosures. As with most browser-related incidents, attacks happened when users did not keep browsers patched and current.
- Organized and targeted web exploit toolkits are quickly replacing “one-off” web browser exploits because of the flexible delivery options that empower hackers to attack all of a site’s visitors at once or select victims based on data such as the visitor’s cookie set, geographic location, or referring URL.
- Obfuscation found in client-side exploits is on the rise. In fact, the amount of suspicious, obfuscated content almost doubled from Q1 to Q2 of this year.
- VBScript is now being used on 20% of malicious sites, up 13% from 2008. Researchers have observed, however, that the final attack code is still usually JavaScript, which has merely been obfuscated by Visual Basic Scripts.