DDoS and SQL Injections

by Leonardo S
The article I chose for this week is titled “Hackers Trade Tips On DDoS, SQL Injection” by Mathew J. Schwartz. The main focus of the article is on the activity of certain underground hacker forums. The data security firm Imperva monitored 18 forums and released a report saying that the two hottest topics were DDoS attacks and SQL injection attacks. A distributed denial of service attack involves flooding a network with fake packets in order to make it inaccessible. The other attack, an SQL injection, involves a hacker sending their own commands into a database. If it doesn’t have the right security, the hacker can easily use commands to access the information stored in the database. Imperva also announced that SQL injection attacks are the most used type of attack against websites. This announcement was backed by the fact that many security experts believe that SQL injection attacks are what caused the breach in South Carolina state databases in which thousands of credit card and social security numbers were taken.

The Solution to Hackers? Hire Them!

by Jongwoo Y
This article deals with the problems that many companies have been facing with the birth of the information age: hackers. Companies such as Sony, Zappos, and even the government have been targets of many different hacker groups. The author goes into detail about one group in particular, Anonymous. This group is viewed as a political movement, rather than just malicious hackers that are making businesses go crazy for no reason. Whenever Anonymous attacks a business’ database, it is politically motivated with recent events that the business has been a part of. The article suggests that when these hackers are actually caught, it would be more beneficial to help rehabilitate these hackers and actually hire them to help prevent future cyber attacks. A huge reason that supports this movement is that many of the hackers in today’s world are very young. A lot of the members of Anonymous that do the actual hacking for the group are between the ages of 14-22 (Rashid, 2012). Not only would it be harder to prosecute a minor for their actions; it would help shape the future of these young people and help them take a step in the right direction in their lives. An interesting analogy that the author of this article made was that when a group such as Anonymous disrupts an online business, it is debatable whether or not it is more damaging than actually physically picketing in front of a physical storefront. Due to the recent rise of “hacktivists” (hackers who have political motives), businesses and law enforcement have created a better system of sharing information with one another (Rashid, 2012). Misha Glenny states, “We have a lot of talent out there and we should start to think of developing methods so we can find incentives to channel those talents before it happens.” This makes perfect sense for businesses, and is a great solution to combat cyber attacks.

ASP.NET Websites are Under Attack

by Yeimy F

I read an article from 2011 that says that about 180,000 pages from websites using the ASP.NET platform have been affected by hackers who are massively attacking them with SQL injection. Hackers plant malicious JavaScript on ASP.NET websites which “causes the browser to load an iframe with one of the two remote sites: www3.strongdefenseiz.in and www2.safetosecurity.rr.nu.” This iframe, which is an HTML element, specifies an inline frame used to embed another document within the current HTML document. Then, this iframe plants malware on the visitors’ computers. But Microsoft has been providing ASP.NET programmers with enough information about how to protect against such attacks since 2005.

The Effects of SQL Injection in Today’s Economy

by Jongwoo Y
Due to recent public outcries, hackers have been using SQL injection in order to hack into company databases. Sony, a leading electronics company based in Japan, has been targeted many times due to an unpopular approach that the company had been taking in their use of the judicial system against some of their own customers. By the use of SQL injection, these hackers from groups such as LulzSec and Anonymous have been able to steal the information of over 77 million users of the PlayStation Network, a popular gaming community created by Sony for online gaming on their video game consoles (Finkle & Baker, 2011). This caused Sony to take tremendous losses in both their customer base and revenues from their PlayStation Network due to the fact that Sony was forced to close their online service for over a month. Information that was stolen from Sony’s PSN Database includes customer names, credit card information, addresses, and birth dates (Finkle & Baker, 2011). However, the attacks are not over yet as Sony has experienced multiple attacks on their other services as well, including their music store websites based in Japan and in Europe as well (Rashid, 2011).

Weak Government Websites

by Wendy O

Israeli government websites went down two days after receiving numerous threats from Anonymous, a hacker group. The hacker group criticized the Israeli Navy for intercepting and boarding two vessels that were in international waters headed to the Gaza Strip. These vessels were Irish and Canadian and were not carrying any weapons. Anonymous threatened to strike back if Israel continued blocking humanitarian vessels to Gaza.

Mass SQL injection attack affected millions of ASP.net websites

by Boshi W
A recent article on Hacker News reported that a global attack done using SQL injection affected millions of outdated websites without the latest version of Adobe PDF, Flash, or Java. Attackers planted malicious JavaScript on ASP.net sites, which causes the browser to load an iframe with one of the two remote sites: www3.strongdefensiez.in and www2.safetosecurity.rr.nu. From there, the iframe attempts to plant malware on the visitor’s PC via a number of browser exploits without the visitor’s knowledge or participation. Fortunately, this browser exploit can be patched by browser updates, so users with an updated browser should not have issues with the exploit. However, it was researched that most of the antivirus software today cannot detect the malware and only a few are even aware of it. By far, the most affected software is NoScript from Firefox, which prevents any scripts from running without the user’s permission.