Posts Tagged ‘SQL Injections’

USA Today: Cyberthieves find workplace networks are easy pickings

by FireHost Evangelist on October 16th, 2009

officeplace_r2_c2Between TJ Max and Heartland Payment Systems, cyber thieves compromised a quarter of a million credit card numbers. Court records from the trial of Albert Gonzalez, a hacker that plead guilty to fraud and conspiracy charges in both cases, reveal just how easily the thieves behind these breaches were able to obtain the information.

Cyber Criminal Technique #1: War Driving

War driving means “cruising” for WiFi signals. Once detected, cybercriminals use FREE password-breaking software to intercept the signal broadcasting from any home or business.

Monitoring WiFi networks over time, cyberthieves can establish a virtual private network and connect directly to a server or database.

Cyber Criminal Technique #2: SQL Injection

SQL injections are a popular way for cybercriminals to get inside “protected networks”. In a SQL injection attack, the hacker types random characters into a web form, such as a log in page. The attack may be carried out manually or using a robot to penetrate the form. Once inside, hackers can gain access to databases containing sensitive, personal information.

War driving and SQL injection attacks are the means to a cyber criminal’s end. Once the target server is breached, he or she implants a “sniffer” program. (Sniffers are widely available for free, and they are capable of logging all traffic moving across a network). Savvy hackers have devised and sell sniffers designed specifically to detect and record credit and debit card information.

(more…)

Tags: , , ,
Posted in: Security | No Comments »

Inquisitive Hackers Compromise Curious George Website

by FireHost Evangelist on September 25th, 2009

effedGeorgeThe Curious George childrens’ television show, which is run by  the Public Broadcasting Service (PBS), was propagating malware from at least Monday until Thursday last week.

Nidhi Shah, a research scientist at Purewire told SCMagazineUS.com, “It’s not clear how how hackers were able to break into the site, but it is possible that they obtained the credentials to an FTP account or exploited an SQL injection vulnerability.”

The exploit manifested as a pop up for visitors to authenticate their session with a username and password before viewing the site contents. When users canceled the message screen or entered the wrong credentials, an error page informed them that they had failed to login properly. That error page contained JavaScript code which loaded malware from an exploit site targeting a number of known software vulnerabilities in Adobe Acrobat Reader, AOL Radio AmpX and SuperBuddy and Apple QuickTime. Any user not patched against these bugs received the malware.

(more…)

Tags: , , ,
Posted in: Security | No Comments »

SQL Injection Vulnerability Exposes Sensitive Details about Ride Share Users in S. California

by FireHost Evangelist on September 15th, 2009

rideshareFinalProgramming errors on RideMatch.info allow hackers to access names, home addresses, phone numbers, commuting schedules, and employee ID numbers for the service’s users according to an article featured in The Register.

The RideMatch.info flaw provides inadequate scrutiny of user-generated text entered in search boxes and fields throughout the website. Hackers exploit the SQL injection vulnerability by passing commands directly into the back end database.

The vulnerability was identified and reported in August by Kristian Hermansen, a security researcher who was required by his employer to sign up for the service. His report to The Register stated, “The reason I am bringing this to your attention is that the issue is not being fixed by the admins and most companies don’t even know that their employee’s personal and corporate information may be been compromised.”

To date, the exploit has exposed hundreds of employees’ sensitive information across several organizations in S. California, including at least one military entity.

(more…)

Tags: , , ,
Posted in: Security | No Comments »

Social Networks Targeted by Hackers More Often than Government & Law Agencies in ’09

by FireHost Evangelist on August 21st, 2009

This year, social networking sites have become popular targets for cyber crime according to a study of hacking episodes by Web Hacking Incidents Database (WHID). This is a shift from 2008 when government and law enforcement agencies were the most enticing targets.

socialTargets

Security experts believe social networks like Twitter and Facebook are targeted because of the sheer number of users. Defacement is the most common motivation for ego-driven hackers, and these high traffic, high involvement communities are a great way to disrupt many victims at once.

A study by Webroot sheds light on a few other reasons why social networks make a ripe targets for hackers.

  • 36% of social networkers admit they don’t hide personal information
  • 33% admit to using the same password for all of their online accounts
  • 28% accept “friend requests” from strangers

With such a high percent of social networking users being unaware of the dangers, “hackers lure users into taking actions they shouldn’t by making it appear as if a friend within their social netowrk has sent them a message – only the message is from a hacker who has hijacked the friend’s account,” warns Mike Kronenberg CTO of Webroot’s Consumer Business division.

(more…)

Tags: , , , ,
Posted in: Security | No Comments »

Web 2.0 Enabled Sites Wear a Target for Cybercrime

by FireHost Evangelist on July 24th, 2009

20TargetData compiled by Secure Enterprise 2.0 indicates that businesses who incorporate Web 2.0 functionality like social networks, wikis, and blogs are the most popular targets for hackers.

In fact, websites that incorporate these features accounted for 21% of hacking incidents reported in the first quarter of 2009. The top threats to “socially enabled” websites are SQL Injections (21% of attacks), Authentication Abuse (18%), and Cross Site Request Forgery – CSRF (8%). You may download a full copy of Secure Enterprise’s report here.

“Businesses often use open source applications like Community Server, WordPress, and Drupal to integrate social features into their websites. Every enterprise deserves the ability to keep content fresh by using blogs and forums. It’s great for marketing and user retention. We help facilitate these mediums by addressing vulnerabilities in open source software all the way from module installation to hosting,” encourages FireHost CEO, Chris Drake.

FireHost CTO, Kevin Wall explains why a holistic approach to site development and hosting is important. (more…)

Tags: , , ,
Posted in: Security | No Comments »

USA Today: “SQL Injection Attacks Hit 450,000 a Day”

by FireHost Evangelist on March 20th, 2009

Modern cybercriminals are out to do harm. Simple as that. They penetrate vulnerable websites, steal private customer information, and commit identity theft every day. Hacker tools and methods of attack have become more sophisticated and wider in scope in recent months.

USA Today reports:

SQL attacks take aim at the database layer of websites. They typically were manual attacks designed to pilfer customer data from merchant websites. But last June someone figured out how to automate the attacks, and use them to plant infections. By mid-June, daily attacks spiked to 25,000; by October they topped 450,000 a day.

Holly Stewart, IBM ISS threat response manager, says the infections take advantage of security flaws in cool website features, such as online-delivered video, music, photos, documents and work files.

Giant financial institutions and online merchants have put up strong defenses, says Phil Neray, vice president of security strategy at Guardium, a database security firm. “The same is not necessarily true of regional banks and credit unions, smaller online retailers and state government agencies.”

FireHost is in business to address website security needs of the “smaller guys” Mr. Neray mentions above. It’s imperative your company respond to the threat of cybercriminals swiftly and effectively because SQL attacks strike governments and credit card companies every day. FireHost can help your company avoid the negative spotlight.

SQL attacks are preventable when your website, email, databases, and other applications are hosted with a security-focused web hosting provider. We’ve taken industry-leading measures to make enterprise-level security attainable for every business because we know that the last thing you need to do with your time is mitigate a high-profile website attack on customer information.

Most hosting providers don’t invest the resources required to maintain a prevention-focused, secure hosting environment. If your company does business online however, you owe it to your customers and employees to make sure their most important information is protected.

Here’s just a sample of what puts FireHost secure web hosting in a class of its own:

Network Layer Security
FireHost runs dual Sonicwall internet security devices, providing firewall redundancy for every client. This layer safegaurds websites, emails, and databases from unauthorized intrusions, like SQL attacks.

Application Protection
We also run a web application firewall to close the holes within your website’s applications, the entry-point for SQL attacks.

Vulnerability Monitoring
FireHost partners with McAfee to provide you with web-based website vulnerability auditing and remediation mangement, completing scans every fifteen minutes.

Register here to have a FireHost Security Agent perform a vulnerability report for your website. We will contact you shortly with the eye-opening results.

Tags: , , , ,
Posted in: Security | No Comments »

Why You Need SQL Injection Protection

by FireHost Evangelist on November 3rd, 2008

SQL Injections have website owners and developers running scared. If you haven’t heard of a SQL Injection, then you better listen up and hit Google university.

SQL Injections are the number one vulnerability exploited by hackers, by far. According to security vendor Sophos, 16,000 new websites are hit by the attacks every day. WordPress, Joomla, Drupal, .NET, classic ASP, PHPBB websites have all been hit with SQL Injections. Do NOT roll the dice on this one! Every web site big or small is vulnerable to injection by automated scripts attempting SQL-Injections through your webforms, dynamic URLs, etc.

This video from Graham Cluley of Sophos discusses the impact of a SQL Injection that hit BusinessWeek.

What can you do NOW to help secure your website?

  1. Ensure all logins use strong passwords
  2. Employ web form validation and/or CAPTCHA
  3. If you’re using a CMS or website platform, ensure it’s up-to-date (including all plug-ins)
  4. Ensure all components are current (ASPupload, etc)
  5. Use static URLs instead of dynamic URLs

FireHost takes SQL Injection protection to the next level by:

  1. Analyzing your website and web applications to assess the potential for SQL Injections and other hacking vulnerabilities
  2. Protecting your website using our secure and transparent Web Application Firewall
  3. Monitoring your website for new vulnerabilities

Tags: , , , , , ,
Posted in: Security | No Comments »