Internet Anthropologist Think Tank: WWW security getting impossible

    Monday, March 16, 2009

    WWW security getting impossible

    Gerald: Internet Anthropologist Think Tank
    Friday, March 13, 2009 2:30 PM PDT

    Traditional security systems may be ineffective and become obsolete in warding off Web attacks launched by countries, according to Val Smith, founder of Attack Research. New attack trends include blog spam and SQL injections from Russia and China, Smith said during his talk at the Source Boston Security Showcase on Friday.

    "Client-side attacks are where the paradigm is going," Smith said. "Monolithic security systems no longer work."

    Additional SQL injections failed, so the hackers searched the system for another exploit. They found a library application that allows images to be uploaded. Hackers uploaded a GIF file with a line of code contained in the image. The computer system read the GIF tag and uploaded the photo and automatically executed the code........

    Attackers targeted high-traffic sites with blog spam and posted comments on blogs, he said. The comments looked odd and tended to have non-English phrases placed in large blocks of text with random words hyperlinked, he said. Clicking on such links took users to sites that seemed like blogs but were pages loaded with malware, Smith said.

    A Chinese bank owned the domains for each malware site, but the IP (Internet Protocol) addresses traced to Germany. Studying the links revealed that each one contained words in Russian or Romanian, said Smith. By placing an international spin on their nefarious activities, the hackers hoped to confuse anyone investigating their work, he said.......

    Smith's investigation traced the attacks to a home DSL account in Russia. The international nature of the incident made prosecution unlikely, he said.........

    Hackers "targeted an app that is custom-written, in-house, and launched a specific attack against that app," Smith said.

    Hackers eventually placed "iFrame" HTML code on every page of the company's Web site. The iFrames redirected the victim's browser to a server that infects the computer using a tool called "MPack." This tool profiled a victim's OS and browser and launched attacks based on that information.

    The result is that victims are getting hit with multiple attacks, said Smith.

    Today, SQL injection attacks are the top threat to Web security, said Ryan Barnett, director of application security at Breach Security, in an interview separate from the conference.

    Last year, cybercriminals began unleashing massive Web attacks that have compromised more than 500,000 Web sites, according to the security vendor.
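The GIF upload described in the excerpt above works when an upload handler trusts the file's signature alone. As an added example (not from the article or from Attack Research), the sketch below puts a signature-only check beside one that walks the whole GIF block structure; the function names, the marker list and both sample files are constructed for illustration.

```python
# Added example: constructed samples, hypothetical function names.
SCRIPT_MARKERS = (b"<?", b"<%", b"<script")  # assumed marker list, not exhaustive

def weak_check(data):
    """Signature-only test: passes anything that starts like a GIF."""
    return data[:6] in (b"GIF87a", b"GIF89a")

def _skip_sub_blocks(data, pos):
    """Walk length-prefixed sub-blocks until the 0x00 terminator."""
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def strict_check(data):
    """Return (accepted, reason) after walking the whole GIF block structure."""
    if not weak_check(data):
        return False, "bad signature"
    # Conservative: pixel data can contain these bytes by chance, so a
    # production pipeline would re-encode the image instead of rejecting it.
    if any(m in data.lower() for m in SCRIPT_MARKERS):
        return False, "script marker in file"
    try:
        pos = 13                                  # header + logical screen descriptor
        if data[10] & 0x80:                       # global colour table present
            pos += 3 * (2 << (data[10] & 7))
        while data[pos] != 0x3B:                  # 0x3B = trailer
            if data[pos] == 0x21:                 # extension: label, then sub-blocks
                pos = _skip_sub_blocks(data, pos + 2)
            elif data[pos] == 0x2C:               # image descriptor
                flags = data[pos + 9]
                pos += 10
                if flags & 0x80:                  # local colour table present
                    pos += 3 * (2 << (flags & 7))
                pos = _skip_sub_blocks(data, pos + 1)   # skip LZW code-size byte
            else:
                return False, "unknown block type"
    except IndexError:
        return False, "truncated or malformed"
    if pos + 1 != len(data):
        return False, "trailing data after trailer"
    return True, "ok"

# Constructed samples: a minimal 1x1 GIF, and a GIF signature followed by inert text.
CLEAN = bytes.fromhex("474946383961010001008000" "00ffffff000000"
                      "21f90401000000" "002c00000000010001000002024401003b")
POLYGLOT = b"GIF89a" + b"<?php /* inert placeholder */ ?>"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("polyglot", POLYGLOT)):
        print(name, weak_check(blob), strict_check(blob))
```

Storing uploads outside the web root under server-generated names, so that nothing in them is ever interpreted, complements a check like this.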



    We told you so:

    Internet Anthropologist Think Tank: Security Epidemic: SLQ INJECTION  5/22/2008 11:36:00 AM

    Internet Anthropologist Think Tank: Infected PC's rampant  7/31/2008 01:32:00 AM

    Internet Anthropologist Think Tank: Security:hyper endemic Epidemic: 6/09/2008 09:20:00 PM

    We are headed for massive computer corruption and total loss of trust in the Internet. The world needs a MASSIVE influx of funding to secure the WWW.
    The security vendors are fast approaching total loss of www security.


    We have been warning about a cyber Pearl Harbor, and how this is a new WMD. We have been heard:
    So worried are governments by the prospect of an all-out cyber-attack that last month UN secretary-general Ban Ki-moon revealed that cyber-weapons are to be added to the list of arms falling under the remit of the UN's Advisory Board on Disarmament Matters, which develops policy on weapons of mass destruction. Ban said recent breaches of critical systems represent "a clear and present threat to international security", since the public and private sectors have grown increasingly dependent on electronic information...
    Nowadays, electronic attacks are increasingly seen as a cheap and easy way for one nation to attack another. "It's the ultimate bargain hunter's way of destroying everyone's way of life," says Glenn Zimmerman, a cyberspace specialist at the Pentagon. "It may even be free."




