Surviving the Week 6/15/2012

United States Department of Defense data leaked by Anonymous hackers

A group named “Wikiboat” attacked the website of the Department of Defense and gained access to some sensitive information. The information disclosure is the result of a SQL Injection. The leaked data includes some officials’ names, emails and phone numbers. If the web site of the DoD can be penetrated, it’s time to ask yourself whether your application is secure against modern-day attacks. Test your application with NTOSpider to find out –
http://thehackernews.com/2012/06/united-states-department-of-defense.html

The Biggest Cybersecurity Threat Just May Be Your Own Staff

According to a survey, 71% of IT management consider insider threats to be the greatest security risk to their companies. These days, very few ports are allowed inbound to a company’s network from the Internet, typically only 80 and 443. Web attacks that take advantage of application vulnerabilities have increased over the years. We have seen cases where a vulnerability in an application resulted in a complete compromise of the internal network. Make your application more secure by testing it periodically with NTOSpider –
http://blogs.wsj.com/cio/2012/06/12/the-biggest-cybersecurity-threat-just-may-be-your-own-staff/?mod=wsjcio_hps_cioreport

Active Zero-Day Exploit Targets Internet Explorer Flaw

A new zero-day vulnerability has been discovered in Internet Explorer. Microsoft released a patch for MS12-037 and CVE-2012-1875. Patch IE with the highest priority to protect yourself against this vulnerability –
http://blogs.mcafee.com/mcafee-labs/active-zero-day-exploit-targets-internet-explorer-flaw

A Tragically Comedic Security Flaw in MySQL

A flaw was discovered due to an assumption that the memcmp() function would always return a value within the range -128 to 127 (a signed character), so its result was stored in a char. On some platforms and with certain optimizations enabled, this routine can return values outside of this range, which are truncated to zero when stored, causing the code that compares a hashed password to sometimes report a match even when the wrong password is specified. Since the authentication protocol generates a different hash each time this comparison is done, there is a 1 in 256 chance that ANY password would be accepted for authentication. MySQL has released a patch for CVE-2012-2122. Patch your MySQL to protect against this comedic vulnerability –
https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql
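The following C program is an added example (not MySQL’s own code) that models the pattern behind CVE-2012-2122: a scramble check that stores memcmp()’s int result in a char, beside a fixed check that never truncates the result. Because a stock libc memcmp() usually returns -1/0/1, a constructed wide_memcmp() that returns the byte difference scaled by 256 stands in for the optimized implementations the article refers to; the hash values and the HASH_LEN constant are likewise constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define HASH_LEN 20  /* constructed: length of the compared hash */

/* Constructed stand-in for an optimized memcmp() that reports a nonzero
 * result with a magnitude outside -128..127 instead of -1/0/1. */
static int wide_memcmp(const unsigned char *a, const unsigned char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i])
            return ((int)a[i] - (int)b[i]) * 256;  /* e.g. 256, -256, 512 ... */
    }
    return 0;
}

/* Vulnerable pattern: the int result is narrowed to a char before the test.
 * On common compilers 256 wraps to 0, so a mismatch can read as a match. */
int check_scramble_vulnerable(const unsigned char *computed,
                              const unsigned char *expected)
{
    char result = (char) wide_memcmp(computed, expected, HASH_LEN);
    return result == 0;  /* 1 = password accepted */
}

/* Fixed pattern: accumulate the XOR of every byte in full width and test
 * for zero at the end. Nothing is narrowed, and the comparison takes the
 * same time whether or not (and where) the bytes differ. */
int check_scramble_fixed(const unsigned char *computed,
                         const unsigned char *expected)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < HASH_LEN; i++)
        diff |= computed[i] ^ expected[i];
    return diff == 0;  /* 1 = password accepted */
}

/* Constructed hashes: EXPECTED is all zeros, WRONG differs in byte 0 by 1,
 * so wide_memcmp(WRONG, EXPECTED) returns 256. */
static const unsigned char EXPECTED[HASH_LEN] = {0};
static const unsigned char WRONG[HASH_LEN]    = {1};

int vulnerable_accepts_wrong(void) { return check_scramble_vulnerable(WRONG, EXPECTED); }
int vulnerable_accepts_right(void) { return check_scramble_vulnerable(EXPECTED, EXPECTED); }
int fixed_accepts_wrong(void)      { return check_scramble_fixed(WRONG, EXPECTED); }
int fixed_accepts_right(void)      { return check_scramble_fixed(EXPECTED, EXPECTED); }

int main(void)
{
    printf("vulnerable check, wrong hash : %s\n",
           vulnerable_accepts_wrong() ? "ACCEPTED (bug)" : "rejected");
    printf("fixed check,      wrong hash : %s\n",
           fixed_accepts_wrong() ? "ACCEPTED" : "rejected");
    printf("fixed check,      right hash : %s\n",
           fixed_accepts_right() ? "accepted" : "REJECTED");
    return 0;
}
```

The narrowing cast is the whole defect: the C standard only promises that memcmp() returns a value less than, equal to or greater than zero, never that it fits in a char, so any check should keep the result in an int (or, for secrets, use a constant-time byte comparison as in check_scramble_fixed) and never depend on which libc implementation happens to be linked in.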

About Dan Kuykendall 173 Articles