Tag Archives: attacks

How does Web application security affect me?

Web applications are compromised daily and now account for the majority of vulnerabilities on the Internet.

Web application weaknesses are a major way that cyber criminals, working with hacking techniques, can steal sensitive data. With this data, nefarious crooks can affect companies and individuals alike; there is little distinction between Fortune 500 companies and an end user with a credit card. Attackers often just follow the path of least resistance.

Online data theft is not a game. While some hackers will brag about having breached the security of a web application and gained access to sensitive data, the criminals have money, not bragging rights, in their cross-hairs. Extortion is sometimes the name of the game. If thieves can hold data for ransom, they can demand a huge sum of money, depending on how sensitive the data is.

The ways that companies and individuals are affected by web application attacks are numerous. Imagine this “what if” situation. A large Fortune 500 company is hit by an orchestrated attack, and the credit card numbers are taken and held for ransom by an organized crime group. Word gets out and the Fortune 500 company undergoes a huge investigation and security audit. The clients and customers of the company lose trust in the security of the company and start taking their business elsewhere. The company then starts losing revenue and the customers begin to find that their credit cards are being charged illegally. The credit card companies are involved and are losing money as well. Nobody is immune to these web application attacks, whether it's a large company or one individual.

As programmers design web applications to be more accessible and easy to use, the features that provide this convenience often become targets for crime groups to attack. Programmers must protect their applications by following secure coding practices to filter out any attacks and create a safe place for their clients and customers to do business.

One of the major ways hackers breach a web application is through SQL injection attacks. SQL injection attacks can be used to access sensitive data or do any number of destructive things to the data stored in the web application’s database. Cross-site scripting attacks are also prevalent. This attack occurs when malicious code is inserted into a page and executed when a user loads the infected page. Denial of service attacks are also popular. This happens when the network hosting a web application is swamped with useless requests sent out by the criminals, which creates so much traffic that the network or system crashes.

It’s a wild world out there…

Virus Removal – E-Mail Attachment Viruses

Over recent years, viruses that are spread in the form of e-mail attachments have become increasingly common, with widespread attacks taking place across the globe, the most famous of which is the CIH virus mail attack.

On 26 April 1998 the first wave of the much-feared CIH virus (or Chernobyl virus) struck across the world. The initial spread of this virus was caused by the distribution of infected software and game demos, but later even big companies such as IBM were distributing newly built, complete PC systems, blissfully unaware that these new systems were already harbouring the CIH virus.

Although the virus was first spread in April 1998, it was not set to activate until a year later on 26 April 1999. If virus removal had not been performed on infected PCs prior to that date, the virus would be activated. Once activated, the virus had the ability to overwrite the majority of the data on the user’s hard drive, causing havoc within the file system and rendering the user’s PC inoperable.

In 2001 a new strain of this virus was created and distributed globally to thousands of victims in the form of an e-mail attachment. These two attacks combined caused an estimated $8 million worth of damage to computer systems around the world, but unfortunately a lot of this damage could have been avoided if the users had made simple adjustments to their e-mail security settings and updated their antivirus software. These simple adjustments help to protect your system from infection and avoid the difficult task of virus removal after an infection has been detected.

Always check your e-mail security settings to make sure you have the correct security measures in place to combat these attacks should they ever take place again. If your security settings are set up to allow JavaScript, macros or other (possibly malicious) files to execute automatically, then it is vital that you disable these features as soon as possible to ensure that you are not vulnerable to an e-mail based virus attack.