March 11, 2010 06:14 PM ET
March 11, 2010 06:14 PM ET
George Kurtz, CTO of McAfee Security, revealed new details of the recent attack on Google and other companies in a blog post this afternoon. A “zero-day” bug–a previously undiscovered vulnerability–in Microsoft’s Internet Explorer browser seems to have been a key part of the attack.
The attack on Google’s infrastructure, which Kurtz calls “Operation Aurora,” was able to steal some of the Web giant’s intellectual property, apparently in the process of pursuing access to the e-mail accounts of Chinese human-rights activists. Google has said that the same attack hit at least 20 other large companies. Continue reading
Tired of being attacked by foreign countries? Here is some useful network assignment information so you can configure your IDS and Firewall against them. Simply block ANY and ALL traffic from network ranges to be safe! Be careful not to block your own neighborhood, unless you really mean to. The list is not complete, but I’ll add updates as I find them. Continue reading
With the large number of hackers and the increasing threat from overseas hackers, more and more business are at risk for attack and exploitation. There are many types of hackers and certainly many degrees of intent and purpose. The majority of hackers are usually programmers and network security specialists, who likely have a day job under the guise of the 9-to-5 John Doe. Your business could be vulnerable to attack from internal sources as well as external. The question remaining to present to your programmers and network administrators: “Is anyone here a skilled hacker?” Continue reading
Does your Flash movie stop working because your links need the crossdomain.xml file, but you can’t place it at the root level?Â The crossdomain.xml file can be relocated to non-root locations, and that location can be defined in your Flash movie. The code is at the bottom of this article, and below is some expert advice on Flash security and cross site request forgery issues you must understand to protect your site.
When an attempt is made to load content into a SWF file at runtime, the request is subject to the Flash Player security model, which is in place to protect users and website owners. As part of this model, Flash Player by default prevents cross-domain loading of data, but allows cross-domain sending of data.
This article discusses some of the common security issues that you should consider when deciding how to use a cross-domain policy file on your server. In general, websites using cross-domain policy files increase their security exposure. This is because the cross-domain policy file used by Flash Player allows access to information by more domains than are allowed in the default configuration. As with any security mechanism, use of the cross-domain policy requires careful analysis of the proposed application architecture and threat model to understand potential risks.
Note: Using a cross-domain policy file could expose your site to various attacks. Please read this document before hosting a cross-domain policy. Continue reading
With the web and business web sites accessible by everyone (including malicious hackers) the security of your web application is at the top of the list of security issues on experienced PHP web developers’ minds. Lets look at some security concerns of PHP Security Developers, and what they can do to make their web applications more secure.
With more and more personal information — such as credit card information, maiden names, passwords, etc. — being stored on the web, any developer(especially a PHP developer) cannot afford to be lax about application security. The most secure website is one that does not have any PHP or CGI or even HTML. But then it would not be a website at all, would it Continue reading
Hackers typically approach an attack using five common phases. It is important to understand these phases of hacking attacks in order to better defend against them. Here we’ll discuss the five hacker phases to better understand them and how they relate to each other. This information is useful for network administrators, and essential for network security consultants. Continue reading
Spam has become a worldwide epidemic, and prevention is the current focus. A day will come when a cure is sought more aggressively than a bandage, but for now companies are making tons of money selling us filters and spam prevention kits. Our approach at the PHP Kemist is to byte back with encrypted or obfuscated email addresses that spamBots cannot scrape or harvest from your web pages. Continue reading
As a business owner, risks are a given. Operational risks. Management risks. Privacy risks. All of these risks are intensified when you leave the office, says Victoria Fodale, Program Manager/Analyst, for Scottsdale, Ariz.-based research firm In-Stat. â€œThe small business owner is mobile a lot of the time. They probably carry a PDA or a smart phone or a notebook that contains business-critical information,â€ she explains. â€œBut being mobile can become a liability if this information is lost or stolen.â€ You can minimize your risks, however, by following a few simple tips, detailed below. Continue reading
Broadband services and the ability to work remotely may have huge benefits when it comes to productivity. But without proper protection they leave you and your network exposed to a variety of incursions. Denial of Service attacks, for example, can deprive you of access to a resource such as your network, e-mail or your website and can destroy files and programming on your computer systems. A Trojan Horse on the other hand is a piece of programming that sneaks onto your system and lurks until it’s triggered by a date or event, at which time it activates and destroys files or creates a back door for intruders to enter. Attacks such as these can cost you a considerable amount of time and money. However they can be avoided by installing a firewall across your systems. Continue reading