Twitter still vulnerable to cross site scripting attacks

August 27th, 2009

James Slater found a cross-site scripting vulnerability on Twitter.com which Twitter claims is now fixed. According to James, it is not fixed. The vulnerability allows malicious JavaScript to be embedded with user tweets. This can result in user accounts being compromised, and the owner can lose control of their account.

The vulnerability comes down to Twitter’s application programming interface (API), which allows developers to interface with Twitter through their own software. Popular software packages like Twhirl, TweetDeck, and HootSuite use this API to create and read posts on behalf of the user. The API does not filter the URL of the applications using Twitter, allowing malicious JavaScript to be sent along with the URL.

This threat is almost impossible for the average user to protect against, as just seeing the tweet is enough to have your account taken over. Twitter’s response to this vulnerability was to filter out space characters from the address box in the application, but this only makes exploitation slightly more difficult.

More information about this vulnerability can be found on David Naylor’s site. David Naylor is a well-known search marketing consultant who broke the news to Twitter.
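The following added example (not code from Twitter or from the original post) contrasts the space-stripping filter described above with output encoding plus a scheme allowlist. It assumes the application URL is rendered into the `href` of a link next to the tweet; the function names and the sample URL are constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

def render_space_filter(app_name, app_url):
    """Weak form described in the post: only spaces are removed from the URL."""
    return '<a href="%s">%s</a>' % (app_url.replace(" ", ""), app_name)

def render_hardened(app_name, app_url):
    """Allow only http(s) URLs with a host, then escape for the HTML context."""
    url = app_url.strip()
    try:
        parts = urlsplit(url)
    except ValueError:
        parts = None
    if parts is None or parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return html.escape(app_name)  # no link at all, label shown as text
    return '<a href="%s" rel="nofollow">%s</a>' % (
        html.escape(url, quote=True), html.escape(app_name))

class _MarkupAudit(HTMLParser):
    """Records any tag or attribute other than <a href=... rel=...>."""
    def __init__(self):
        super().__init__()
        self.unexpected = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            self.unexpected.append(tag)
        self.unexpected += [name for name, _ in attrs if name not in ("href", "rel")]

def unexpected_markup(fragment):
    """Parse a rendered fragment and return markup the template did not intend."""
    audit = _MarkupAudit()
    audit.feed(fragment)
    audit.close()
    return audit.unexpected

# Constructed test value: it contains no spaces, so the space filter leaves it intact.
SAMPLE_URL = 'http://example.test/"onmouseover="alert(1)'

if __name__ == "__main__":
    print(unexpected_markup(render_space_filter("App", SAMPLE_URL)))
    print(unexpected_markup(render_hardened("App", SAMPLE_URL)))
```

The audit function doubles as a regression test: any rendered fragment that yields a non-empty list has let input escape the attribute it was placed in.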


Author: Christopher


IIS vulnerability spreads like a forest fire

April 24th, 2008

Almost 300,000 web sites hosted with Internet Information Services are infected with new malware, according to PandaLabs. The vulnerability allows hackers to inject SQL code into all pages hosted on the same IIS server and redirect the visitor to a malicious site. The malicious page scans the visitor’s machine to find ways to compromise it. Exploits are then downloaded and used to infect the redirected visitor based on the information found in the scan.

If your site is hosted with Internet Information Services, it is highly recommended that you check whether it is compromised. To do so, search your source code for the following injected script reference: “<script src=http://www.nihaorr1.com/1.js>”. If this reference is found, remove it immediately and notify your IIS admin right away.
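One way to automate the check described above, as an added example that is not part of the original post: instead of matching a single string, it parses the page and reports every `<script>` or `<iframe>` that loads from a host outside an allowlist, which also catches the unquoted form quoted in the post. The allowlisted host `www.example.test` and the sample page are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class ExternalSourceFinder(HTMLParser):
    """Collects <script>/<iframe> tags whose src points at a non-allowlisted host."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # (line number, tag, src)

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src")
        if not src:
            return  # inline script or frame without a source
        try:
            host = (urlsplit(src.strip()).hostname or "").lower()
        except ValueError:
            host = "<unparseable>"
        # Relative URLs have no host and are served by the site itself.
        if host and host not in self.allowed:
            self.findings.append((self.getpos()[0], tag, src))

def find_external_sources(page_html, allowed_hosts):
    """Return findings for one page of HTML source."""
    finder = ExternalSourceFinder(allowed_hosts)
    finder.feed(page_html)
    finder.close()
    return finder.findings

# Constructed sample page; line 5 carries the reference quoted in the post.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://www.example.test/js/menu.js"></script>
</head><body>
<td>Widget<script src=http://www.nihaorr1.com/1.js></script></td>
</body></html>"""

if __name__ == "__main__":
    for line, tag, src in find_external_sources(SAMPLE_PAGE, {"www.example.test"}):
        print("line %d: <%s> loads %s" % (line, tag, src))
```

Because the post describes the code as arriving through SQL injection, run the check against the pages as served, since the reference may live in database fields rather than in files on disk.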


Author: Christopher


Alexa Top 100 Domains compromised

February 28th, 2008

While Finjan was researching a server hosting a new version of the NeoSploit crimeware toolkit, a database of over 8,000 FTP accounts was uncovered. Login usernames and passwords for 10% of Alexa’s top 100 domains are in the database. A majority of the accounts originate in the United States.

Also uncovered was a trading application that rates the quality of the compromised accounts according to the location of the FTP server. This allows hackers to put a price on the stolen accounts.

These login credentials were stolen by appending an HTML iframe tag onto the victim’s website. We find this type of attack almost every day during our own research. Finjan identified government websites hosting similar malicious code. An example they talked about was a website belonging to a State Superior Court.

Finjan is offering to identify whether your website appears in this database if you fill out this form.


Author: Christopher


95% of Information Security breaches are from known vulnerabilities and misconfigurations

October 28th, 2007

It’s a shocking but true statement.

But then if the vulnerabilities and misconfigurations are known, why are steps not taken to correct them?

Well, the answer lies in the question itself. The vulnerabilities are known, but you still need to identify which ones exist in your own systems and network. The first step towards protection against security breaches is identification of these vulnerabilities. This is achieved through security audits and vulnerability scans.

A number of people question the need for security audits, and a few even dismiss them as unnecessary. Some people believe that their anti-virus software can take care of all such security concerns. It is astonishing how many people either have obsolete anti-virus software that is not updated as frequently as it should be, or software with a poor virus detection rate.

The need for protection varies from business to business. Though powerful anti-virus software might suffice for one business’s security needs, other businesses might require a more sophisticated security solution that comprises protection against malware of all types (malware is short for “malicious software” and includes viruses, Trojans, worms, spyware, and adware).

Security audits involve a thorough analysis of the systems/network and security practices in order to determine the security solution that would best suit the organization. Security audits involve a lot of tests to identify misconfigurations, firewall vulnerability (e.g. due to exposed workstations), password policy, suitability of current anti-virus software, network component (modems, dial pools, etc.) vulnerability, vulnerability of web services, mail databases, etc. You must ensure that your security auditors perform all the relevant security tests and give you a complete and comprehensive security solution.


Author: Christopher


United Nations website hacked

August 13th, 2007

On August 12th, 2007, the United Nations website (www.un.org) was defaced in an attempt to CyberProtest “Ysrail” and “USA”, citing “peace for ever”. This message appeared on pages generally reserved for quotes and speeches from the Secretary-General Ban Ki-moon, as well as on other well-known websites.

The hackers’ website states the CyberProtest’s objective, “that the powerful have no right to oppress the powerless”. The website also mentions other websites they allegedly hacked, including Harvard University, The UN Environment Program, Toyota, and Nestle.

Web applications are commonly a problem for most organizations’ security strategies, as they are not protected by the corporate firewall. It is said that 75% of all cyber attacks are carried out at the web application level.

Monitoring patches and security notices for common out-of-the-box web applications is very effective at minimizing your risk. Regular web vulnerability scanning and server hardening are the best way to ensure you are protected.

If you do e-commerce on your website, you also have to keep PCI Compliance in mind as non-compliance penalties are as high as $500,000. Web vulnerability scanning covers some of the PCI Compliance requirements.


Author: Christopher
