Infosec Weekly Roundup, April 2 – 8, 2012
SQL Injection through HTTP Headers
First up this week is an excellent post by Yasser Aboukir on SQL injection through HTTP headers, an input vector that most testing routines overlook.
“During vulnerability assessment or penetration testing, identifying the input vectors of the target application is a primordial step. Sometimes, when dealing with Web application testing, verification routines related to SQL injection flaws discovery are restricted to the GET and POST variables as the only input vectors. What about other HTTP header parameters?…”
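To make the point concrete, here is an added example that is not from Aboukir’s post: a small visit-logging routine, written in Python against an in-memory SQLite database, that stores the client IP (taken from the X-Forwarded-For header when present) and the User-Agent header. The request dictionaries, the `users`/`visits` tables and the injection payload are all constructed for this demonstration. The vulnerable version builds the INSERT by string formatting, so a User-Agent value that uses SQLite’s `||` concatenation can pull a value out of another table into the log; the parameterized version stores the same payload as inert text.

```python
import sqlite3

# Constructed WSGI-style request dictionaries. The second request carries a
# constructed injection payload in User-Agent: it closes the string literal,
# concatenates a value from another table with ||, and reopens the literal.
PAYLOAD = "Mozilla/5.0'||(SELECT password FROM users WHERE name='admin')||'"
REQUESTS = [
    {"REMOTE_ADDR": "203.0.113.10", "HTTP_X_FORWARDED_FOR": "198.51.100.7",
     "HTTP_USER_AGENT": "Mozilla/5.0"},
    {"REMOTE_ADDR": "203.0.113.11", "HTTP_X_FORWARDED_FOR": "",
     "HTTP_USER_AGENT": PAYLOAD},
]


def new_db():
    """Fresh in-memory database with a constructed users table and an empty visit log."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (name TEXT, password TEXT);
        INSERT INTO users VALUES ('admin', 'hunter2');
        CREATE TABLE visits (ip TEXT, user_agent TEXT);
    """)
    return conn


def client_ip(environ):
    # X-Forwarded-For is set by whoever sends the request, so it is an input
    # vector exactly like User-Agent and must be treated as untrusted data.
    return environ.get("HTTP_X_FORWARDED_FOR") or environ["REMOTE_ADDR"]


def log_visit_vulnerable(conn, environ):
    """Header values are interpolated into the SQL text: they become part of the query."""
    sql = "INSERT INTO visits (ip, user_agent) VALUES ('%s', '%s')" % (
        client_ip(environ), environ["HTTP_USER_AGENT"])
    conn.execute(sql)


def log_visit_safe(conn, environ):
    """Same insert with bound parameters: header values are data, never SQL."""
    conn.execute("INSERT INTO visits (ip, user_agent) VALUES (?, ?)",
                 (client_ip(environ), environ["HTTP_USER_AGENT"]))


def logged_agents(conn):
    """Return the user_agent column of the visit log in insertion order."""
    return [row[0] for row in conn.execute("SELECT user_agent FROM visits ORDER BY rowid")]


def run(logger):
    """Log both constructed requests with the given routine and return what was stored."""
    conn = new_db()
    for environ in REQUESTS:
        logger(conn, environ)
    return logged_agents(conn)


if __name__ == "__main__":
    # vulnerable: ['Mozilla/5.0', 'Mozilla/5.0hunter2']  (admin password leaked into the log)
    # parameterized: ['Mozilla/5.0', "Mozilla/5.0'||(SELECT ...)||'"]  (payload stored as text)
    print("vulnerable:", run(log_visit_vulnerable))
    print("parameterized:", run(log_visit_safe))
```

The takeaway for testing is that any header the application reads and persists (User-Agent, X-Forwarded-For, Referer, Cookie values) deserves the same injection probes as a form field; the fix is the same as for GET and POST parameters, bind the value instead of formatting it into the query.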
The Encrypted Elephant in the Cloud Room
The second article is about cloud computing security, specifically data encryption in the cloud and where the master key should live.
“In many cases it’s advised that the master key is not even kept on the same premises as the systems that use it. It must be locked up, safely, offsite; transported via a secure briefcase, handcuffed to a security officer and guarded by dire wolves. With very, very big teeth.”
Spoofed Email with Keylogger Malware Costs Company $100,000
Malware can be very costly for a company, as this case shows, so make sure your defences against it are in place.
“The IC3 has received several complaints from businesses regarding an e-mail, purportedly from the BBB, which states the BBB has received a complaint from a customer regarding their business.”
Anonymous attacks UK Prime Minister and Home Office websites with DDoS assault
The Anonymous group is still active; this week it launched a DDoS attack against the UK Prime Minister’s website and the Home Office website.
“Anonymous hacktivists have launched a distributed denial-of-service attack against the websites of 10 Downing Street and the British government’s Home Office website, preventing legitimate users from visiting the sites by flooding them with unwanted internet traffic.”
What you need to know about the Flashback trojan
This was the most shared topic in the news this week: a vulnerability in a third-party application, Oracle Java, forced Apple to release two updates in two days. The vulnerability left around 600,000 Macs open to the Flashback Trojan.
“Flashback would now have infected more than 1 percent of them, making Flashback roughly as common for Mac as Conficker was for Windows. Flashback appears to be the most widespread Mac malware we’ve seen since the days when viruses were spread on infected floppy disks; it could be the single most significant malware infection to ever hit the Mac community.”