Web Application Security Newsletter - March 2007

A MESSAGE FROM THE EDITOR - We see a potential turning of the tide in who shoulders the substantial costs that follow a security breach. A proposed bill in Massachusetts would shift the burden from banks onto retailers for reissuing credit cards, freezing accounts, and so on. A recent University of Maryland study shows how much easier weak passwords make an attacker's job. You can also read about Drive-By Pharming, in which a malicious web page alters a home router's settings so that the victim's browser is silently redirected, most likely for financial gain. As the miscreants become more creative, the public needs to become more aware and more defensive. Cenzic recently launched Secure Web, a blog community focused on web application security. Our vision is to build a thriving community of participants who share feedback, opinions, ideas, and experiences in order to stay on the leading edge of web application security in a Web 2.0 world.

1. Join Secure Web, a New Blogging Community
Special Offer to the First 20 Secure Web Contributors

Cenzic recently launched Secure Web, a blog focused on the latest web application security issues in a Web 2.0 world. We invite technical and business professionals alike to post comments, opinions, and insights about the dynamic issues and challenges facing web application security today. On the business side, a recent post details the specific steps a company can take to build a more robust process around securing its web applications. For the technically savvy, another post addresses specific ways in which a company can secure its web applications. We welcome your feedback on these or other relevant topics, and we look forward to your participation in building a community of bloggers whose ideas and insights keep web application security on its leading edge.

Special Offer: Be one of the first twenty bloggers to contribute a post to Secure Web and be entered into a drawing for a chance to win a $250 AMEX gift card. Click and post now at www.secureweb.typepad.com.

Privacy Policy: No names or contact information of the community will ever be disclosed, sold, or used for any purpose.

2. Know Your Enemy: Web Application Threats
Using Honeypots to Learn About HTTP-Based Attacks

Web applications remain a high-value target for a number of reasons. Poor source code quality, the exposure of web applications to the entire Internet, and the ease of locating vulnerable installations with search-engine queries are but a few of the reasons behind their widespread vulnerability. Although efforts are under way to improve code quality, the sheer volume of existing vulnerable code will most likely carry this trend into the foreseeable future. Read about the fundamentals of a typical attack and how the Honeynet Project's web application honeypots observe and record real HTTP-based attacks as they happen.


3. Study Shows Hackers Rely on Dumb Users

A University of Maryland researcher set up four Linux computers as bait to see how attackers would break into them. Some 270,000 intrusion attempts later, Assistant Professor and study lead Michael Cukier released the study's key findings. Among them: weak passwords make attackers' lives easier. The study also logged the usernames and passwords that attackers tried most often when attempting to log into the systems.


4. Data Breach Law Could Put Financial Burden on Retailers

A proposed State of Massachusetts bill would shift the financial burden of a data breach from banks to retailers. If passed, the legislation would require retailers to cover all resulting losses, such as the cost of cancelling and reissuing credit cards and of freezing accounts and credit information. Both banks and retailers are expected to lobby heavily for and against the bill. “We're providing an incentive for companies to get them to protect the data responsibly and securely with the strictest protocols available,” according to Adam Martignetti, who serves as Chief of Staff to Rep. Michael Costello.


5. Clicking A Link Gets More Dangerous

View a malicious web page and you can potentially trigger major changes in your home broadband router or wireless access point. Drive-By Pharming, a term coined in a recent proof-of-concept paper, has made the click of a link more dangerous. The malicious page makes the victim's own browser send requests to the router's management interface on the local network, where a factory-default password is usually still in place, and changes the router's DNS settings. From then on, typing a bank's address takes the victim to a bogus financial site under the attacker's control. Read about how an attacker can alter a router and redirect a web browser in this way.
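The following is an added model of the attack just described, not code from the newsletter or from the paper it summarises. It shows the blind requests a malicious page can make a browser emit against a home router, a router handler that accepts them the way vulnerable firmware does, and the same handler with the checks that stop the attack. The admin path `/apply.cgi`, the parameter `dns1`, the candidate gateway addresses, the default-credential list and the session token are hypothetical stand-ins for whatever a particular router actually uses.

```javascript
// Added example: a model of Drive-By Pharming and of the router-side checks
// that defeat it. Not code from the newsletter or the cited paper. /apply.cgi,
// dns1, the gateway list, the default logins and the token are hypothetical.

// Default logins a malicious page might try blindly (hypothetical values).
const DEFAULT_CREDENTIALS = [
  { user: 'admin', pass: 'admin' },
  { user: 'admin', pass: 'password' },
  { user: 'admin', pass: '' },
];

// Addresses where a home gateway is commonly reachable from the LAN.
const CANDIDATE_GATEWAYS = ['192.168.0.1', '192.168.1.1', '10.0.0.1'];

// The requests a malicious page can make the victim's browser emit. An
// <img src="http://admin:admin@192.168.1.1/apply.cgi?dns1=..."> tag becomes a
// GET carrying the URL's userinfo as HTTP Basic credentials. The page never
// sees the reply, so the attack is blind: it sprays every candidate gateway
// and default login and hopes one combination works.
function buildPharmingRequests(attackerDns) {
  const requests = [];
  for (const host of CANDIDATE_GATEWAYS) {
    for (const auth of DEFAULT_CREDENTIALS) {
      requests.push({
        method: 'GET',
        host,
        path: '/apply.cgi',
        query: { dns1: attackerDns },
        auth,
        // Cross-site: the browser marks the request as coming from the
        // attacker's page (Referer, or Origin in later browsers), not the router.
        origin: 'http://attacker.example',
        csrfToken: null,
      });
    }
  }
  return requests;
}

// A minimal router. dns1 is the resolver it hands to LAN clients; whoever
// controls it decides which IP the bank's hostname resolves to.
function makeRouter({ ip, adminPass, hardened }) {
  return {
    ip,
    adminPass,
    hardened,                   // apply the anti-CSRF checks below
    sessionToken: 'tok-4f2a9c', // hidden field on the real admin form (constructed value)
    dns1: '192.0.2.53',         // the ISP's resolver (documentation address)
  };
}

// Router-side handler for /apply.cgi. With hardened=false it behaves like the
// vulnerable firmware the attack relies on: any authenticated request, from
// any page, changes settings. With hardened=true it also demands a POST, a
// same-site origin and the session's CSRF token.
function handleAdminRequest(router, req) {
  if (req.host !== router.ip) return { status: 0, reason: 'no router at this address' };
  if (req.path !== '/apply.cgi') return { status: 404, reason: 'unknown path' };
  if (!req.auth || req.auth.user !== 'admin' || req.auth.pass !== router.adminPass) {
    return { status: 401, reason: 'bad credentials' };
  }
  if (router.hardened) {
    if (req.method !== 'POST') return { status: 405, reason: 'settings change must be a POST' };
    if (req.origin !== `http://${router.ip}`) return { status: 403, reason: 'cross-site origin' };
    if (req.csrfToken !== router.sessionToken) return { status: 403, reason: 'missing or wrong CSRF token' };
  }
  if (req.query && req.query.dns1) router.dns1 = req.query.dns1;
  return { status: 200, reason: 'applied' };
}

// Replay the malicious page's requests against one router and report whether
// its resolver now points at the attacker.
function runAttack(router, attackerDns) {
  const outcomes = buildPharmingRequests(attackerDns).map((r) => handleAdminRequest(router, r));
  return { pharmed: router.dns1 === attackerDns, dns1: router.dns1, outcomes };
}

// What the legitimate admin UI sends: POST, same origin, session token.
function legitimateChange(router, newDns) {
  return handleAdminRequest(router, {
    method: 'POST',
    host: router.ip,
    path: '/apply.cgi',
    query: { dns1: newDns },
    auth: { user: 'admin', pass: router.adminPass },
    origin: `http://${router.ip}`,
    csrfToken: router.sessionToken,
  });
}

// Stand-alone demo: a router still on its factory password is pharmed; one
// whose password was changed is not.
const demo = ['admin', 'Correct-Horse-Battery'].map((pass) =>
  runAttack(makeRouter({ ip: '192.168.1.1', adminPass: pass, hardened: false }), '203.0.113.5').pharmed);
console.log(demo); // [true, false]
```

The first line of defence is the one the user controls: changing the factory password makes every blind request fail with 401. The hardened branch is what the firmware itself should do, since a password alone does not help once the browser has cached the credentials for the router's origin; of its three checks, the CSRF token is the reliable one, because browsers of that era did not send an Origin header and Referer can be absent.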


6. Mozilla Fixes Multiple Firefox Flaws

A security update was recently issued to fix flaws that could allow cross-site scripting attacks, access to sensitive information, and more. The vulnerability clearinghouse Secunia has rated the flaws as highly critical, and Mozilla is urging Firefox users to upgrade their browsers.



© Copyright 2008 Cenzic