Infosec Weekly Roundup, April 2 – 8, 2012

SQL Injection through HTTP Headers

First up this week is a brilliant post by Yasser Aboukir about a new way of performing SQL injection through HTTP headers.

“During vulnerability assessment or penetration testing, identifying the input vectors of the target application is a primordial step. Sometimes, when dealing with Web application testing, verification routines related to SQL injection flaws discovery are restricted to the GET and POST variables as the unique inputs vectors ever. What about other HTTP header parameters?…”

http://resources.infosecinstitute.com/sql-injection-http-headers/
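To make the point concrete from the defender's side, here is an added example (it is not code from the roundup or from Yasser Aboukir's article) of the pattern the post warns about: a web application that writes request headers such as User-Agent and X-Forwarded-For into a database. Header values are attacker-controlled input just like GET and POST parameters, so they need the same treatment. The example assumes a hypothetical SQLite-backed visit log and shows the string-built query beside its parameterized form, plus a small validation step for the forwarded address; all header values are constructed for the demonstration.

```python
import ipaddress
import sqlite3


def make_db():
    """Create an in-memory visit log (constructed schema for the example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE visits (id INTEGER PRIMARY KEY, ip TEXT, user_agent TEXT)"
    )
    return conn


def log_visit_vulnerable(conn, headers):
    """Builds the INSERT by string formatting: header text becomes SQL text.

    A header value containing a single quote is enough to break the query,
    which is the symptom a tester looks for and a defender must prevent.
    """
    ip = headers.get("X-Forwarded-For", "")
    ua = headers.get("User-Agent", "")
    sql = "INSERT INTO visits (ip, user_agent) VALUES ('%s', '%s')" % (ip, ua)
    conn.execute(sql)
    conn.commit()


def first_forwarded_ip(value):
    """Return the first X-Forwarded-For address if it parses as an IP, else None.

    Parameterization stops SQL injection, but the value is still untrusted:
    validating it keeps garbage (or injection probes) out of the ip column.
    """
    first = value.split(",")[0].strip()
    try:
        return str(ipaddress.ip_address(first))
    except ValueError:
        return None


def log_visit_safe(conn, headers):
    """Parameterized INSERT: the driver binds header values as data, never SQL."""
    ip = first_forwarded_ip(headers.get("X-Forwarded-For", ""))
    ua = headers.get("User-Agent", "")
    conn.execute(
        "INSERT INTO visits (ip, user_agent) VALUES (?, ?)", (ip, ua)
    )
    conn.commit()


def stored_visits(conn):
    """Return the (ip, user_agent) rows in insertion order."""
    return list(conn.execute("SELECT ip, user_agent FROM visits ORDER BY id"))


def demo():
    """Run both loggers on the same constructed request headers."""
    # Constructed headers: a perfectly ordinary browser string that happens
    # to contain an apostrophe, and a forwarded-for chain with a proxy hop.
    headers = {
        "X-Forwarded-For": "203.0.113.7, 10.0.0.1",
        "User-Agent": "Mozilla/5.0 (O'Brien build)",
    }

    vulnerable_raised = False
    try:
        log_visit_vulnerable(make_db(), headers)
    except sqlite3.OperationalError:
        # The quote in User-Agent turned into a SQL syntax error.
        vulnerable_raised = True

    conn = make_db()
    log_visit_safe(conn, headers)
    return {"vulnerable_raised": vulnerable_raised, "safe_rows": stored_visits(conn)}


if __name__ == "__main__":
    print(demo())
```

The parameterized version stores the apostrophe verbatim and records only the first, validated client address; the string-built version fails on ordinary input, which is exactly the behaviour that tells a tester the header reaches the query engine unescaped.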

The Encrypted Elephant in the Cloud Room

The second article is about cloud computing security and encrypting data in the cloud.

“In many cases it’s advised that the master key is not even kept on the same premises as the systems that use it. It must be locked up, safely, offsite; transported via a secure briefcase, handcuffed to a security officer and guarded by dire wolves. With very, very big teeth.”

https://devcentral.f5.com/weblogs/macvittie/archive/2012/04/04/the-encrypted-elephant-in-the-cloud-room.aspx

Spoofed Email with Keylogger Malware Costs Company $100,000

Malware can cost companies dearly, so be sure you are protected against it.

“The IC3 has received several complaints from businesses regarding an e-mail, purportedly from the BBB, which states the BBB has received a complaint from a customer regarding their business.”

http://infosecisland.com/blogview/20898-Spoofed-Email-with-Keylogger-Malware-Costs-Company-100000.html

Anonymous attacks UK Prime Minister and Home Office websites with DDoS assault

The Anonymous group is still active; this week it launched a DDoS attack against the UK Prime Minister's website.

“Anonymous hacktivists have launched a distributed denial-of-service attack against the websites of 10 Downing Street and the British government’s Home Office website, preventing legitimate users from visiting the sites by flooding them with unwanted internet traffic.”

http://nakedsecurity.sophos.com/2012/04/07/anonymous-attacks-home-office/

What you need to know about the Flashback trojan

This has been the most widely shared topic in the news: a vulnerability in a third-party application, in this case Oracle Java, cost Apple two updates in two days. The vulnerability left 600,000 Macs open to the Flashback Trojan.

“Flashback would now have infected more than 1 percent of them, making Flashback roughly as common for Mac as Conficker was for Windows. Flashback appears to be the most widespread Mac malware we’ve seen since the days when viruses were spread on infected floppy disks; it could be the single most significant malware infection to ever hit the Mac community.”

http://www.macworld.com/article/1166254/what_you_need_to_know_about_the_flashback_trojan.html

That’s all for this week. If you have more information security news, please share it with our readers by email or via the contact form.
