Posts Tagged ‘SQL Injections’
by FireHost Evangelist on February 1st, 2011

At FireHost we are continually striving to make the secure hosting services that we provide to our customers even better, so that they can have the luxury of running securely and worry-free around the clock.
We are happy to announce our latest addition to the MyFireHost customer portal – Security View. Today is just the beginning of an impressive lineup of new features and enhancements that we’ll be integrating into our service in 2011.
Through Security View, you will have a front-row seat to monitor your blocked attacks in real time, with charts and graphs that help you visualize how frequently hackers attempt to breach your secure servers, websites and web-based applications.
Chris Drake, founder and CEO of FireHost, voices his concern for web security and the fundamental need for the new enhancements: “Most companies don’t realize how many attackers attempt to breach their websites and applications on a daily basis. We are so confident in our ability to block cybercrime that we’re opening the curtain and inviting our customers to see how well we protect their websites. Security View exposes the reality of cybercrime and lets our customers know we’re really looking out for them.”
Here are a few of the key features Security View provides:
- View blocked application layer attacks (SQL Injections, XSS Attacks, Email Hoarding Events, Directory Traversals, and more)
- Sort and filter malicious activity by hour, day, week, month, or year
- View attack origins by region in real time, for each of your IPs
- Customize views to see attacks on your entire network, all the way down to an individual IP
Security View is a standard feature available to all customers with Secure Servers virtualized with VMware. The next time you log in to MyFireHost, simply navigate to the tab labeled “Security” and check it out.
by FireHost Evangelist on October 16th, 2009
Between TJ Maxx and Heartland Payment Systems, cyber thieves compromised a quarter of a million credit card numbers. Court records from the trial of Albert Gonzalez, a hacker who pleaded guilty to fraud and conspiracy charges in both cases, reveal just how easily the thieves behind these breaches were able to obtain the information.
Cyber Criminal Technique #1: War Driving
War driving means “cruising” for WiFi signals. Once a signal is detected, cybercriminals use free password-breaking software to intercept the signal broadcasting from any home or business.
Monitoring WiFi networks over time, cyberthieves can establish a virtual private network and connect directly to a server or database.
Cyber Criminal Technique #2: SQL Injection
SQL injections are a popular way for cybercriminals to get inside “protected networks”. In a SQL injection attack, the hacker types random characters into a web form, such as a login page. The attack may be carried out manually or using a robot to penetrate the form. Once inside, hackers can gain access to databases containing sensitive, personal information.
War driving and SQL injection attacks are the means to a cyber criminal’s end. Once the target server is breached, he or she implants a “sniffer” program. (Sniffers are widely available for free, and they are capable of logging all traffic moving across a network.) Savvy hackers have devised and sell sniffers designed specifically to detect and record credit and debit card information.
by FireHost Evangelist on September 25th, 2009
The Curious George children’s television show, which is run by the Public Broadcasting Service (PBS), was propagating malware from at least Monday until Thursday last week.
Nidhi Shah, a research scientist at Purewire, told SCMagazineUS.com, “It’s not clear how hackers were able to break into the site, but it is possible that they obtained the credentials to an FTP account or exploited an SQL injection vulnerability.”
The exploit manifested as a pop-up asking visitors to authenticate their session with a username and password before viewing the site contents. When users canceled the message screen or entered the wrong credentials, an error page informed them that they had failed to log in properly. That error page contained JavaScript code which loaded malware from an exploit site targeting a number of known software vulnerabilities in Adobe Acrobat Reader, AOL Radio AmpX and SuperBuddy, and Apple QuickTime. Any user not patched against these bugs received the malware.
by FireHost Evangelist on September 15th, 2009
Programming errors on RideMatch.info allow hackers to access names, home addresses, phone numbers, commuting schedules, and employee ID numbers for the service’s users, according to an article featured in The Register.
The RideMatch.info flaw stems from inadequate scrutiny of user-generated text entered in search boxes and fields throughout the website. Hackers exploit the SQL injection vulnerability by passing commands directly into the back-end database.
The vulnerability was identified and reported in August by Kristian Hermansen, a security researcher who was required by his employer to sign up for the service. His report to The Register stated, “The reason I am bringing this to your attention is that the issue is not being fixed by the admins and most companies don’t even know that their employees’ personal and corporate information may have been compromised.”
To date, the exploit has exposed hundreds of employees’ sensitive information across several organizations in Southern California, including at least one military entity.
by FireHost Evangelist on August 21st, 2009
This year, social networking sites have become popular targets for cyber crime, according to a study of hacking episodes by the Web Hacking Incidents Database (WHID). This is a shift from 2008, when government and law enforcement agencies were the most enticing targets.

Security experts believe social networks like Twitter and Facebook are targeted because of the sheer number of users. Defacement is the most common motivation for ego-driven hackers, and these high-traffic, high-involvement communities are a great way to disrupt many victims at once.
A study by Webroot sheds light on a few other reasons why social networks make ripe targets for hackers.
- 36% of social networkers admit they don’t hide personal information
- 33% admit to using the same password for all of their online accounts
- 28% accept “friend requests” from strangers
With such a high percentage of social networking users being unaware of the dangers, “hackers lure users into taking actions they shouldn’t by making it appear as if a friend within their social network has sent them a message – only the message is from a hacker who has hijacked the friend’s account,” warns Mike Kronenberg, CTO of Webroot’s Consumer Business division.