At FireHost we are continually striving to make the secure hosting services that we provide to our customers even better, so that they can have the luxury of running securely and worry-free around the clock.

We are happy to announce our latest addition to the MyFireHost customer portal – Security View. Today is just the beginning of an impressive line up new features and enhancements that we’ll be integrating into our service in 2011.

Through Security View, you will have a front row seat to monitor your blocked attacks, in real-time with charts and graphs that help you visualize how frequently hackers attempt to breach your secure servers, websites and web-based applications.

Founder and CEO of FireHost, Chris Drake voices his concern for web security and the fundamental need for the new enhancements, “Most companies don’t realize how many attackers attempt to breach their websites and applications on a daily basis. We are so confident in our ability to block cybercrime that we’re opening the curtain and inviting our customers to see how well we protect their websites. Security View exposes the reality of cybercrime and lets our customers know we’re really looking out for them.”

Here a few of the key features Security View provides:

• View blocked application layer attacks (SQL Injections, XSS Attacks, Email Hoarding Events, Directory Traversals, and more)
• Sort and filter malicious activity by hour, day, week, month, or year
• View attack origins by region in real time, for each of your IPs
• Customize views to see attacks on your entire network, all the way down to an individual IP

Security View is a standard feature available to all customers with Secure Servers virtualized with VMWare. The next time you login to MyFireHost, simply navigate the tab labeled “Security” and check it out.

Cyber Criminal Technique #1: War Driving

War driving means “cruising” for WiFi signals. Once detected, cybercriminals use FREE password-breaking software to intercept the signal broadcasting from any home or business.

Monitoring WiFi networks over time, cyberthieves can establish a virtual private network and connect directly to a server or database.

Cyber Criminal Technique #2: SQL Injection

SQL injections are a popular way for cybercriminals to get inside “protected networks”. In a SQL injection attack, the hacker types random characters into a web form, such as a log in page. The attack may be carried out manually or using a robot to penetrate the form. Once inside, hackers can gain access to databases containing sensitive, personal information.

War driving and SQL injection attacks are the means to a cyber criminal’s end. Once the target server is breached, he or she implants a “sniffer” program. (Sniffers are widely available for free, and they are capable of logging all traffic moving across a network). Savvy hackers have devised and sell sniffers designed specifically to detect and record credit and debit card information.

Wade Baker, Verizon Business’ principal researcher told USA Today, it takes five to six months (on average) before companies detect cybercrimes of this nature. In the vast majority of cases he has researched, cyberthieves spent days after the initial breach to locate databases with the most valuable information, then methodically extracted the sensitive data for weeks or years before being detected. He warns, “Many organizations right now have breaches they don’t know about and won’t discover for some time to come.”

The Identity Theft Resource Center (ITRC) has investigated about 400 incidents consisting of over 220 million exposed records so far this year. The list of victims proves that lengthy and destructive breaches are not reserved for global enterprise. SMBs, particularly businesses that provide retail, financial, and healthcare services are prime targets.

“The highly available and free nature of the tools necessary to carry out war driving and SQL injection attacks means novice hackers are capable of producing devastating breaches. Achieving PCI Compliance and partnering with a hosting partner that provides security will help prevent you from making the ITRC’s list,” advises Chris Drake, CEO and Founder of FireHost.

Nidhi Shah, a research scientist at Purewire told SCMagazineUS.com, “It’s not clear how how hackers were able to break into the site, but it is possible that they obtained the credentials to an FTP account or exploited an SQL injection vulnerability.”

The exploit manifested as a pop up for visitors to authenticate their session with a username and password before viewing the site contents. When users canceled the message screen or entered the wrong credentials, an error page informed them that they had failed to login properly. That error page contained JavaScript code which loaded malware from an exploit site targeting a number of known software vulnerabilities in Adobe Acrobat Reader, AOL Radio AmpX and SuperBuddy and Apple QuickTime. Any user not patched against these bugs received the malware.

It’s undetermined how many people encountered the attack, but Kevin Dando, director of digital and education communications at PBS believes the exposure to be very low since PBS has not received complaints. Mr. Dando told SCMagazineUS.com that internal triggers had alerted them to the situation. They  addressed it quickly, and that the situation has been completely fixed as of last Friday.

In his closing comments, Mr. Dando warned “that this incident should serve as a reminder that any system can potentially be exposed to infection, and service providers must remain vigilant against threats and be prepared to act aggressively and be ready with pre-established procedures.”

The RideMatch.info flaw provides inadequate scrutiny of user-generated text entered in search boxes and fields throughout the website. Hackers exploit the SQL injection vulnerability by passing commands directly into the back end database.

The vulnerability was identified and reported in August by Kristian Hermansen, a security researcher who was required by his employer to sign up for the service. His report to The Register stated, “The reason I am bringing this to your attention is that the issue is not being fixed by the admins and most companies don’t even know that their employee’s personal and corporate information may be been compromised.”

To date, the exploit has exposed hundreds of employees’ sensitive information across several organizations in S. California, including at least one military entity.

The Ride Match website is a joint project between five regional transit authorities. The service pairs commuters based on home and office destinations as well as departure times. The Riverside County Transportation Commission, an agency responsible for the website, reported to have reached out to the Trapeze Group (a Canada-based development company that designed the software) right after the vulnerability was reported.

Once identified, SQL injection vulnerabilities can often be patched by changing a line or two of code, but The Register spoke to a Trapeze spokesperson on 9/8, and at that time she was unaware of any security bugs being reported on the software. She promised that any vulnerabilities brought to their attention would be investigated and resolved.

Security experts believe social networks like Twitter and Facebook are targeted because of the sheer number of users. Defacement is the most common motivation for ego-driven hackers, and these high traffic, high involvement communities are a great way to disrupt many victims at once.

A study by Webroot sheds light on a few other reasons why social networks make a ripe targets for hackers.

• 36% of social networkers admit they don’t hide personal information
• 33% admit to using the same password for all of their online accounts
• 28% accept “friend requests” from strangers

With such a high percent of social networking users being unaware of the dangers, “hackers lure users into taking actions they shouldn’t by making it appear as if a friend within their social netowrk has sent them a message – only the message is from a hacker who has hijacked the friend’s account,” warns Mike Kronenberg CTO of Webroot’s Consumer Business division.

The technique described by Mr. Kronenberg is known as phishing, and it’s one of the most preventable ways hackers obtain access to confidential information. SQL injections, Cross-site Scripting (XSS), and Cross-site Forgery Requests (CSFR) are more covert, technical methods that hackers use to get the infomation they need.

“As a web service or SaaS provider, you can help protect your users from these attacks by hosting your applications in a secure environment. Users need to be savvy, and when they can’t stay up to speed on all the risks, community users should be weary and overly cautious at all times,” suggests Chris Drake, CEO of FireHost.