Global IT security vendor Panda Security has launched a new cloud-based, SaaS (Security-as-a-Service) solution for corporates, Panda Cloud Internet Protection. This complete security service protects all business resources from Internet-borne threats, including botnets, phishing, cross-site scripting and other complex Web 2.0 attacks. It also offers P2P protection and browser vulnerability security.
Panda Cloud Internet Protection also includes a powerful access control feature, allowing businesses to filter URLs and regulate use of Web 2.0 applications (social networks, blogs, streaming, webmail and instant messaging). It leverages dynamic content classification technologies (DCCTM) to identify these applications. It also integrates with LDAP/AD for authentication.
Egypt is responsible for three per cent of the world’s malware designed to steal computer passwords according to Cairo ICT 2010 exhibitor Kaspersky Lab, a leading developer of secure content management solutions.
Speaking on the sidelines of one of the region’s biggest information and telecommunications technology events, Tarek Kuzbari, Managing Director of Kaspersky Lab, Middle East, said that Egypt was identified as the region’s top creator of PSW Trojans, a special version of malware specifically designed to steal passwords and log in details from computer users.
“This can prove very dangerous for unsuspected and unprotected Internet browsers as their online banking details and other vital information stored online can be compromised and used against them and at their expense by unscrupulous cyber criminals,” he said.
An upsurge in African cybercrime targeting the financial sector threatens to derail the rollout of Internet banking and electronic commerce services and has forced the Nigerian government to raise an alarm over the vulnerability of the country's ICT infrastructure.
Nigeria joins other countries in Africa, including Zambia and Kenya, in warning about problems for online banking as a result of cybercrime.
Africa is experiencing an explosion of mobile money services as banks and mobile providers compete for customers who would otherwise not have a bank account. This has increased phishing attacks on unsuspecting customers, in efforts to lure them to fake sites.
Cybercrime in the region has further increased following the landing last year of the SEACOM and TEAMS international cables, which are starting to lower bandwidth and Internet connectivity costs.
Nigeria now wants to formulate a legal framework for national cybercrime prevention, while the Zambian government already has enacted a law that could see a convicted hacker being sent to prison for up to 25 years.
Nigeria is Africa's largest telecom market by investment and subscribers and the country now wants to work with other nations in the region on cybercrime prevention and warning systems. Currently, very few banks that provide Internet services are able to also offer security software to curb cybersecurity attacks. Phishing attacks aimed at bank customers feature unsolicited messages instructing users to follow a link to confirm their account information, as a way for criminals to obtain passwords and user identities.
Sylvester Anyanwu, Nigerian Senate Communications Committee chairman, said in an e-mail interview that "Nigeria, which has 90 percent wireless ICT infrastructure, is very vulnerable to cyber attacks. But we are preparing to ensure the country does not become hostage to cyber criminals."
Like the Communications Commission of Kenya (CCK), the Zambia Information and Communication Technology Authority has this week announced the launch of a vigorous campaign to educate consumers about cybercrime.
The Zambian government has introduced the National Policy Framework on Cyber Crime, a package of laws that criminalizes cybersecurity activities that had not been covered in the ICT policy and computer misuse law. Last year, the Zambian government also approved a global cybersecurity protocol that is aimed at protecting Internet users.
However, communication experts warns that Zambia, like many other countries in Africa, lacks the skills, equipment and organizational abilities to fight cybercrimes.
Generally, ignorance has been cited as the reason many people in Africa fall prey to online scams as the criminals' Web sites are built to entice and make people fill out even intimate details.
Joseph Mkandawire, a Zambian businessman who fell victim to a phishing e-mail last week, said the message that asked for his details looked genuine.
"Criminals are then using my e-mail address to appeal for financial assistance claiming that I was stranded in a foreign country because I have run out of cash when in fact I'm in Zambia," Mkandawire said.
The Zambia Information and Communication Technology Authority, the country's telecom sector regulator, has warned it will review license conditions for ISPs that fail to provide security measures.
This information is intended for education purposes and the author is not responsible for any misuse or damage caused if tried on a system without permission.
A friend of mine came to me with a problem which am sure you may have encoutered one time or another, his clients' email had been hacked so they were blocked out of their own accounts. This article is not about how to hack or secure emails its about the problem faced by all web application desginers -Authentication.
Before we proceed lets go over the a few applied authentication methods used currently in Web Applications.
1. Basic Authentication
This kind of authentication requires that a special file .htpasswd, containing the credentials of the individuals who are authorised to access a resource, be placed in the directory which is to be secured.
2. Digest Authentication
Digest access authentication is one of the agreed methods a web server can use to negotiate credentials with a web user (using the HTTP protocol). Digest authentication is intended to supersede unencrypted use of the Basic access authentication, allowing user identity to be established securely without having to send a password in plaintext over the network. Digest authentication is basically an application of MD5 cryptographic hashing on credentials to prevent cryptanalysis.
Digest authentication was a pretty good idea but it didnot pick up as expected.
3. Forms-Based Authentication
This is by far the most used authentication method due its dynamic ability to link with DBMS and tracking of user sessions.
4. Single Sign-On (SSO) Authentication and Shared authentication Schemes
Single sign-on (SSO) is a property of access control of multiple, related, but independent software systems.
With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them.
Examples of SSO systems include Microsoft's .Net Passport which automatically logs a user into a resource if he/she is already logged into his account.
An example of a shared authentication scheme is the once much hyped OpenID which require additional sign-on for each web site though the same authentication works on several web sites.
Attacks on Web Application Authentication and tools used. Lets now delve into the details of the different etchniques used to defeat Web Application Authentication
1. Bruteforce/Dictionary Attacks
Mathematically virtually any password given sufficient computing power will eventually be cracked, bruteforce attacks mimic the act of a user trying to authenticate with a particular web application. These tools will systematically try out a list of passwords against a specific user account orlist of user accounts until a
match is found or until the list is exhuasted. There is a myth that Yahoo, Gmail, Live are impervious to hacks......but i beg to differ, if an attacker has several proxies at his disposal and an attack tool that randomises the authentication attempts he will go virtually unnoticed.
Anyway enough debates about which of the accounts is "unhackable" and lets proceed to the tools that can be used to initiate such attacks.
2. SQL Injection
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.
Not only can it be used to bypass authentication but it can be used to cause server-wide or even enterprise-wide damage if conditions are right.
There is alot of information about SQL injections so i won't pretty much repeat it but here are some suggestion.
The list is small and not at all comprehensive....but they all basically revolve about filtering...period
Now all these are relative depending on your web application
This can be extremely dangerous in breaking SSO and shared authentication schemes if the attacker is knowledgeable Phishing is a very blunt form of what is known in security as a man-in-the-middle attack. The general idea is to
impersonate a website with the intent to steal important information from users. Phishing sites are distinguishable only by the hostname in the URL.
4. Cross-site Scripting(XSS) attacks
Cross-site scripting is a type of computer security vulnerability typically found in web applications which enable malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting
vulnerability can be used by attackers to bypass access controls such as the same origin policy
Again alot has been written about XSS but i will list the basic mitigation techniques but yet again the list is not exhuastive since alot of material is readily available about the topic.
5. Other Techniques
Now when u think you have all your bases covered some hardware of software keylogger is recording your every keystroke....i know it sucks...malware falls in many categories some steal senstive information download updated modules of themselves which information can later be used to compromise user accounts.
Some techiniques worth metioning are Social Engineering, MITM attacks.....so much as this entire article is not exhaustive, it paints the picture of various techniques used....
Computer viruses can be a nightmare. Some can wipe out the information on a hard drive, tie up traffic on a computer network for hours, turn an innocent machine into a zombie and replicate and send themselves to other computers. If you've never had a machine fall victim to a computer virus, you may wonder what the fuss is about.
Am going to take a look at some of the top 10 worst computer viruses to cripple a computer system in history . Let's start with the love virus.
1. I Love You
They say you always hurt the ones you love. In 2000, this was taken to extremes when the ILoveYou virus caused $5.5bn in damages.
The concept was pretty simple: a user receives a file from a known email contact under the title 'LoveLetter' or 'ILoveYou'. When the attachment is opened, the virus is launched. After infecting the host, the virus then took control of the user's email program and sent the same 'ILoveYou' message to every user in the host's address book.
Love must have been in the air, because the virus was potent enough to infect some 10 per cent of internet-connected machines at its peak. At a time when many users were still trying to learn the finer points of the internet, ILoveYou was a major wakeup call to some of the dangers on the web.
Everybody wants to be loved and ILoveYou was brilliant social engineering. It helped that the virus was spammed out in the early days of internet use and there were a lot of newbies online who had only a vague idea about viruses and how dangerous they could be.
Email was a trusted format and, because the messages came from people the recipient actually knew, the likelihood of them being opened was much higher.
Things are different today, although there are still plenty of people who get caught by social engineering attacks, but ILoveYou makes it so high in the list because it was a brilliant piece of social engineering.
Just how much damage can a virus do? Well, take the Sasser worm as one example. This relatively simple little attack managed to cripple airlines, news agencies and even knocked out government systems.
Perhaps most frustrating, however, was that Sasser infection was very easy to prevent. The vulnerability which the attack exploited had been patched for months, and all users had to do was install the most recent security updates from Microsoft.
Sasser was a stark warning that has yet to be heard by many. Unpatched systems are still pervasive around the world, leaving users vulnerable to Sasser and countless other malware attacks that target patched vulnerabilities.
Ah yes, the old 'infect the host then resend to the entire address book' attack method. Like many other attacks, MyDoom used the tried-and-true practice of spreading through email and address books.
But MyDoom went a step further and targeted peer-to-peer networks. The worm not only spread itself through address books but through the shared folder of users who ran the Kazaa file sharing application.
While definitely skilled programmers, MyDoom's creators also seemed to be fans of good old-fashioned vigilante justice. One of the early tasks performed by infected users was to take part in a denial-of-service attack against SCO, the infamous software vendor that once tried to lay claim to the patents for Linux.
A week after the 11 September atrocities a new virus hit the internet in a big way. Nimda was one of the fastest propagating viruses in history, going from nowhere to become the most common virus online in 22 minutes, according to some reports.
The reason for this speed was that Nimda used every trick in the book to spread itself. It used email, open network shares, IIS vulnerabilities and even web sites to spread. It hit pretty much every version of Windows available and appeared all over the place.
In the paranoid days after the terrorist attack some speculated that this was a digital 11 September, and some security consultants got large speaking fees for suggesting just that. In fact, it was nothing of the sort and was just another attempt at large scale infection.
Melissa was created by David L. Smith in 1999 and is based on a Microsoft Word macro. He intended to spread the virus through e-mail messages. The virus prompts the recipient to open a document and by doing so the virus gets activated. The activated virus replicates itself and will be transferred to 50 persons whose address is present in the recipient’s e-mail address book. The virus was spread rapidly after it was unleashed by Smith. The increase in e-mail traffic due to the virus forced some companies to block e-mail programs until the virus attack was controlled.
Before Conficker came around and got everyone worked into a lather, Storm was the big bad botnet on the block. First appearing in early 2007 as a fake news video on European flooding, the Storm malware menaced users for more than a year.
The huge botnet was also influential for its continued use of social engineering tactics. The malware disguised itself as everything from video files to greeting cards, and attacks were continuously refreshed to coincide with holidays and current news events.
While Storm has since been eclipsed by newer botnets, the name still brings to mind one of the most menacing attacks seen in recent years.
The global catastrophe that wasn't, the third form of the Conficker attack provided nice theatrics but little in the way of actual damage.
The premise was pretty simple: Conficker.C would spread to as many machines as possible throughout March. Each infected machine was given a huge list of domains, one of which would be contacted by 1 April.
The deadline made all the difference. Now, Conficker wasn't just a simple malware infection, it was a 'ticking time bomb', and a looming menace that would unleash carnage. Or at least that's what the story turned into when unscrupulous security vendors and tech-newbie news outlets got hold of the story.
8. SQL Slammer/Sapphire SQL
Slammer/Sapphire virus caused a damage of more than $1 billion and the affected networks included Bank of America’s ATM service, Continental Airlines etc . A few minutes after the infection of the first Internet server, the number of victims of the Slammer virus doubled every few seconds. After Fifteen minutes of the first attack, half of the servers that act as the pillars of the Internet were affected by the virus.
The Slammer virus taught a valuable lesson: It's not enough to make sure you have the latest patches and antivirus software. Hackers will always look for a way to exploit any weakness, particularly if the vulnerability isn't widely known
Klez is a persistent little devil, and variants are still doing the rounds today, seven years after it first turned up.
The most common varient, Klez H, spoofs email addresses by randomly picking one from an infected machine before sending itself on to other users. This makes backtracing the identity of the infected machine particularly difficult, since any email stored for any reason can be used.
It exploits a vulnerability in Outlook that allows it to boot up automatically on unpatched systems. It's a cunning little devil but for all its ingenuity I still want to strangle the writer.
10. Elk Cloner
Elk Cloner was written by a 15-year old high school student called Rich Skrenta as a practical joke. Unfortunately for him the joke turned bad very quickly.
The virus was developed for the Apple II system and was a boot sector virus that spread via floppy discs. Apparently Skrenta was a fan of pirated games and would swap them with his friends, sometimes with little messages added. After one too many of these infected discs, he devised a way to alter discs automatically and the Elk Cloner virus was invented.
It had little in the way of a payload. Every 50th time a person booted an infected disc the software ran a little program on the computer screen, and that was it. Nevertheless it was a serious annoyance and was a harbinger of things to come.