Top Six Database Attacks

Thursday, May 8th, 2008

It takes the average attacker less than 10 seconds to hack in and out of a database -- hardly enough time for the database administrator even notice the intruder. So it’s no surprise that many database attacks go unnoticed by organizations until long after the data has been compromised. And surprisingly, ...

SQL Injection Worm on the Loose

Wednesday, May 7th, 2008

A loyal ISC reader, Rob, wrote in to point us at what looks to be a SQL Injection worm that is on the loose.  From a quick google search it shows that there are about 4,000 websites infected and that this worm started at least mid-April if not earlier.  Right ...

PHP Weak Random Number Seed Vulnerability

Wednesday, May 7th, 2008

Since version 4.2.0 PHP automatically seeds the random number generators on the first usage of rand() and mt_rand(). This is done with the help of the GENERATE_SEED() macro. Unfortunately it was discovered that the GENERATE_SEED() macro contains several problems that can lead to a weaker seed than expected. In the worst ...

Who Killed My Hard Drive?

Tuesday, May 6th, 2008

You've heard the threat before: A virus or Trojan could infect your PCs and wreck their hard drives. But how often does it really happen -- and how bad is the damage? A new university study suggests that hard-drive-killing attacks launched by hackers are actually pretty rare -- but when they ...

New Spam Attack Exploits Edunet Servers

Monday, May 5th, 2008

Researchers have discovered a new, complex spam attack that uses a sophisticated ruse to fool users into downloading malware. The exploit, which researchers at BitDefender call "a spam-sending scheme of Byzantine complexity," features spam messages that claim to contain links to videos. When users try to click and see the video, ...

Simple Pharming

Monday, May 5th, 2008

Today I decided to give a very brief example on pharming and why it's so easy to pharm surfers with little or no skills. Usually, browser exploit writers give simple examples on how to read the boot files, or launch a calculator. There is so much you can do with ...

Phishers Mimic Google Adwords

Saturday, May 3rd, 2008

Google Adwords account holders are being targeted by criminals out to trick them into handing over credit card information using a clever URL spoof that has gained popularity in recent weeks. On the face of it, the scam follows a traditional attack route involving the sending of spam e-mail to random ...

Malicious hardware may be next hacker tool

Thursday, May 1st, 2008

As if computer viruses and worms aren't enough of a nuisance, malicious hardware, which will be much more difficult to detect, could soon become a threat too. Today, computer viruses, which are programs downloaded either as an email attachment or when someone visits a website, are responsible for most computer attacks. ...

Wireless modem considerations

Thursday, May 1st, 2008

I am pretty sure that there are a number of you out there reading this blog over a wireless network. Given that wireless is so widely distributed these days, its not uncommon that users are unaware of how insecure their wireless setup maybe. Unfortunately one other reality is that a number ...

Securing Your Web Browser

Wednesday, April 30th, 2008

This paper will help you configure your web browser for safer internet surfing. It is written for home computer users, students, small business workers, and any other person who works with limited Information Technology (IT) support and broadband (cable modem, DSL) or dial-up connectivity. Although the information in this document may ...