The SANS Institute has uncovered what it has termed a "rare gem" among computer security investigations, one that sheds new light on how up to 20,000 Web sites have been hacked since January. The institute found a sneaky software tool that uses Google's search engine to hunt for Web sites running certain kinds of vulnerable applications, Bojan Zdrnja wrote on the institute's blog. When the tool finds a vulnerable site, it kicks into action. "The exploit just consisted of an SQL statement that tried to inject a script tag into every HTML page on the web site," Zdrnja wrote. That SQL statement was crafted to target Web sites running Microsoft's Internet Information Server and SQL Server. Once compromised, the Web sites were rigged to serve malicious software to visitors using JavaScript, which tried various exploits based on known software vulnerabilities. Among the malicious programs served up was a password-stealing program for the game "Lord of the Rings Online," security vendor McAfee said last month.
EarthLink Redirect Service Poses Security Risk, Expert Says
A vulnerability in servers used by EarthLink Inc. to handle mistyped Web page requests may have allowed attackers to launch undetectable phishing attacks against any Internet site, according to a noted Internet security researcher. The bug, which was patched earlier this week, underscores a fundamental security risk in the way that some Internet service providers are attempting to generate advertising revenue from mistyped Web addresses, said Dan Kaminsky, director of penetration testing at IOActive Inc., a security consulting firm. Because of a bug in the software used to redirect users to these advertising and search pages, Kaminsky was able to get the pages to run his own JavaScript code. With the browser treating this code as if it were from a legitimate domain, Kaminsky was able to steal users' cookies, create fake Web sites that appeared to be hosted on legitimate domains, and even log into certain Web sites without authorization.
UK - The Greater Manchester Police force is looking for friends - on Facebook. It has created a Facebook application to collect leads for investigations, marking the first use of the social networking site by U.K. law enforcement. The application delivers a real-time feed of police news and appeals for information. Next to that content is a feature to share a particular story with other friends in a person's network, as well as post comments. One of the recent updates is an appeal asking for information about four men, one of whom was armed with an axe, who robbed a betting shop. A "Submit Intelligence" link takes a Facebook user to the police Web site where they can anonymously submit tips.