Tuesday, 15 January 2013

Is Your Website Secure?
Some people ask, "Why would someone hack me? What would they get from it? They won't get anything from my site."

So many websites have been defaced in recent times, and some have had their contents wiped. Don't wait until you become a victim before you start acting. A vulnerable site not only affects the confidentiality, integrity and availability of data, but sometimes also infects visitors' machines with viruses. Sometimes attackers are able to control a victim's machine after the site has been successfully hacked.

A website is your most accessible asset: it can be accessed from any part of the world, so it can also be attacked from any part of the world. Routine checks on your IT infrastructure and websites, and in-house training for those in the IT department, will help secure your assets.

If security for those assets is not implemented, data recovery and reputation management after such assets are hacked cost a lot of money and effort. It will take some time before people entrust their data and assets to you again.

There are several things we do that cost us money due to ignorance. Sometimes we say education is expensive, but realistically, ignorance is more expensive.
How do we beat ignorance? By educating yourself. Attend seminars, read books, and share with people who can help by telling you the right steps to take and giving you guidelines.

Data leakage can be prevented if system and network checks and web scans are performed from time to time, along with thorough penetration testing of sites and networks. Wireless security is not left out: if a wireless network is accessed by an attacker, he can sniff data and carry out many malicious activities over the network.

Stay tuned for more guidelines and tips on how to secure your data, networks and websites. You can also contact us at cyberinfocts (at) yahoo (dot) co (dot) uk. We also conduct training on information security, ethical hacking, penetration testing, digital forensics, cyber security and web application security.

We also perform penetration testing on websites, networks and wireless devices.
Corporate training and solutions

Hackers News

The Steubenville Files
Two high school football players in Steubenville, Ohio are under arrest for the sexual assault of a 16-year-old girl. Newly leaked video sheds more light on what may have happened to a girl who told police she was raped by these high school football players in August. Trent Mays and Ma'lik Richmond have been arrested and charged with raping a fellow 16-year-old, taking her to a number of parties when she was too drunk to resist, digitally penetrating her and possibly even urinating on her. A small group of information activists was able to do what 3 Ohio state law enforcement agencies couldn't.

The hacker crew Jember Hacker terrorists (JHT) defaced the official website of the Indonesian president (http://www.presidensby.info) with a message that reads, “This is a PayBack From Jember Hacker Team”. The hackers defaced the website of President Susilo Bambang Yudhoyono (SBY) apparently in protest at growing corruption and wealth inequality in the country and because of increasing anger at the current administration. The deface page mentions "MJL007" as the code name of the hacker who performed the hack, and the government is working with law enforcement teams to examine log files in a bid to trace the origin of the attack.

NASA hacked
Another basic security loophole in a NASA website has led to a hack. This time a hacker going by the name "p0ison-r00t" defaced a subdomain of NASA (http://spaceyourface.nasa.gov/). The hacked subdomain runs a Flash-based web application that allows visitors to create funny space videos using faces. The hacker was able to upload his text to the website, as shown in a screenshot taken by 'The Hacker News'. We contacted the hacker to learn more about the hack. Asked how, the hacker said, "I found a form on website, accepting file upload but without validating the extension, that allowed me to upload a php shell on server".

Israel preparing Cyber Iron Dome Shield
Israel's Prime Minister officially opened a new national program to train teenagers in the art of cyberwarfare. The program, named "Magshimim Le'umit", is to prepare them for their future role in the military and intelligence community. Israeli Prime Minister Binyamin Netanyahu said the country's computer systems are facing attacks from Iran and other countries, and such attacks are set to increase in the digital age. The new program will accept outstanding pupils aged between 16 and 18 and train them to intercept malicious attacks through a three-year course.

Team Ghostshell
Team Ghostshell, a hacktivist group that was previously in the news for hacking major universities around the globe and leaking 120,000 records, has once again hit major organisations and exposed around 1.6 million accounts. The hackers named the project #ProjectWhiteFox, meaning "Freedom of Information". These leaked 1.6 million user accounts belong to aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies & corporations working for the department of defense, airlines and more.

Ministry of Justice of Qatar
A hacker going by the name "human mind cracker" discovered an SQL injection vulnerability in the official website of the Ministry of Justice of Qatar. He successfully breached the database and dumped it on the internet. Exploited domain: http://www.justice.gov.qa. The hacker mentioned no reason for hacking this website in his note, nor was any user information published. According to the note, he just exposed the bug and exploited it using Boolean-based blind injection to show the database structure, including table names.

Teamr00t Hack Syrian Government Sites
The Syrian government is almost certainly responsible for a blackout on Thursday that shut down virtually all Internet service in the country. However, the Syrian government blamed the outage in internet service and mobile coverage in some areas on armed groups' acts of sabotage against cellular broadcast centers. A hacker with the name Teamr00t has hacked and defaced Syrian government sites and showed support for the people of Syria against President Bashaar Al-Assad's latest actions in shutting down the internet.

FBI wanted Algerian Hacker Arrested in Thailand
Thai police arrested an Algerian hacker wanted by the US Federal Bureau of Investigation for allegedly making millions from cybercrime. Hamza Bendelladj, 24, was arrested late Sunday while attempting to transit through Bangkok's Suvarnabhumi Airport from Malaysia.
Police confiscated from Bendelladj two laptops, one tablet computer, a satellite phone and a number of external hard drives, of which the satellite phone and notebook computer were his main tools, the commissioner said.
Bendelladj, who graduated in computer sciences in Algeria in 2008, has allegedly hacked private accounts in 217 banks and financial companies worldwide. "With just one transaction he could earn 10 to 20 million dollars," Lt Gen Phanu said. "He's been travelling the world flying first class and living a life of luxury."
Bendelladj will be extradited to the U.S. state of Georgia, where a district court has issued an arrest warrant. “I'm not in the top 10, maybe just 20th or 50th,” Bendelladj said with a laugh. “I am not a terrorist.”

Penetration Testing

Attackers penetrate networks and systems by exploiting vulnerable software and hardware. Once they get access, they burrow deep into target systems and broadly expand the number of machines over which they have control. Most organizations do not exercise their defenses, so they are uncertain about their capabilities and unprepared for identifying and responding to attack.
Penetration testing involves mimicking the actions of computer attackers to identify vulnerabilities in a target organization, and exploiting them to determine what kind of access an attacker can gain. Penetration tests typically provide a deeper analysis of security flaws than a vulnerability assessment. Vulnerability assessments focus on identifying potential vulnerabilities, while penetration testing goes deeper with controlled attempts at exploiting vulnerabilities, approaching target systems as an attacker would. The result provides deeper insight into the business risks of various vulnerabilities by showing whether and how an attacker can compromise machines, pivot to other systems inside a target organization, and gain access to sensitive information.

What is required:
Conduct regular external and internal penetration tests to identify vulnerabilities and attack vectors that can be used to exploit enterprise systems successfully. Penetration testing should occur from outside the network perimeter (i.e., the Internet or wireless frequencies around an organization) as well as from within its boundaries (i.e., on the internal network) to simulate both outsider and insider attacks.