Black Hats no longer behind White Hats

Research has shown that Black Hat hackers are in many cases far ahead of their White Hat counterparts. Much of what Black Hats produce is now “dormant”, sitting on your system and waiting to be activated when signaled. These are mainly trojans that wait for you to use your online banking. Viruses have quadrupled from over 15,000 in 2007 to almost 60,000 in 2008. F-Secure says there were 59,177 programs called “Trojans” circulating on the Internet since last year, compared with 15,969 in 2007 (USA Today).

Things to consider to have a fighting chance:

  1. Keep your PC up to date. If running Linux, make sure you keep up with the system updates (especially the critical ones). On a Windows box, ensure that updates are enabled.
  2. Anti-virus software must be installed. I suggest AVG. Even on a Linux machine you should run anti-virus software, to prevent passing viruses on to Windows-based machines.
  3. Install some form of spyware removal tool.
  4. Microsoft’s Internet Explorer seems to be at the top of the list of “most hacked” browsers. Firefox and Chrome are far less susceptible to attacks, making them safer browsers. Use them instead.
  5. Secure your wireless network. Use WPA2-PSK at the very least, with a strong pseudo-randomly generated key. A good key generator is found here.
  6. Ensure a firewall of some sort is running. Windows Firewall is the absolute bare minimum.

After all that, it sometimes comes down to plain common sense. A lot of trojans and viruses make their way into your system when certain executables are run. If you receive a file by email, always check its extension. For example, spears.jpg.vbs is not a picture but a VBScript file that could potentially be dangerous.


Security company’s customer database hacked by SQL Injection

Kaspersky Lab, a Moscow-based security company, admitted today that a database containing customer information had been exposed for almost 11 days, and that it only learned of the breach when Romanian hackers told the firm about it (the hackers in this instance were white hats). No data was actually downloaded or looked at.

The hackers (presumed to be from Romania) went public in a blog post. They claimed that after launching a SQL injection attack on Kaspersky’s U.S. support site, they were able to access a customer database that included e-mail addresses and software activation codes.

Roel Schouwenberg, a Kaspersky senior antivirus researcher, confirmed that the database was hacked via a SQL injection attack, but he reiterated that only the database’s table labels had been accessed by the hackers, not the data itself. “A more advanced hacker could have gotten access to the information,” Schouwenberg acknowledged, “including activation codes for the product and e-mail addresses. But that didn’t happen.”

A combination of vulnerable code written by an unnamed third-party vendor and poor code review by Kaspersky was to blame, making this an application security issue.

Kaspersky has hired Next Generation Security Software Ltd.’s David Litchfield, one of the world’s experts on SQL injection attacks and database security, to do an independent audit of the company’s systems. Had Kaspersky been using Rational AppScan to look after their site, they would have been notified of the vulnerability and other issues during a scan, without having to call in external “experts” in SQL injection.

SQL injection seems to be hackers’ favourite way to compromise applications through the web frontend. Rational AppScan can test for and identify SQL injection vulnerabilities in a given system.
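To make concrete the kind of vulnerable code and missed code review described above, here is an added example (not Kaspersky’s code, nor the third-party vendor’s) of a support-site lookup written the injectable way beside the parameterized fix. The table, rows and hostile input are constructed for the demonstration; the schema is hypothetical.

```python
import sqlite3

# Constructed sample rows standing in for a support-site customer table
# (hypothetical schema, not any real vendor's).
SAMPLE_ROWS = [
    ("alice@example.com", "ACT-0001"),
    ("bob@example.com", "ACT-0002"),
]


def build_db():
    """Create an in-memory database holding the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (email TEXT, activation_code TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, email):
    """The pattern a code reviewer should reject: user input pasted into SQL text."""
    sql = "SELECT email, activation_code FROM customers WHERE email = '%s'" % email
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, email):
    """The fix: bind the value through a placeholder, so it can never alter the statement."""
    sql = "SELECT email, activation_code FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


def demo():
    """Run both lookups with a constructed input that closes the quoted literal."""
    conn = build_db()
    hostile = "x' OR '1'='1"  # constructed; turns the WHERE clause into an always-true test
    return {
        "vulnerable": lookup_vulnerable(conn, hostile),      # leaks every row
        "parameterized": lookup_parameterized(conn, hostile),  # matches nothing
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

A scanner or reviewer looking for the first pattern (string formatting or concatenation feeding an SQL string) would have flagged the vulnerable function before it reached production.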


Source: www.computerworld.com