A client called me a few weeks back cursing like Joe Pesci with Tourette's Syndrome. He had found himself defending against a maelstrom of security issues that had "become unmanageable," as he put it.
This was right at the time that we were dealing with yet another round of e-mail-borne worms and viruses, while simultaneously drowning in urgent doomsday warnings about the ASN.1 issue -- presented as the "Oh my Lord in Heaven" vulnerability by everyone and their grandmother.
A new malicious computer program has been detected that can create networks of remotely controlled computers to take part in online attacks, send junk e-mail messages as spam and engage in other shady activities common to the bad neighborhoods of cyberspace.
The new program, known as "phatbot" or "polybot," uses technology similar to that developed for file-sharing networks such as Gnutella and Kazaa to control the machines. ("Bot" is shorthand for "software robot," a term generally applied to automated software.)
More than 1,400 Canadians, primarily in the provinces of British Columbia and Alberta, have been notified of a major security breach at Equifax Canada Inc., a national consumer-credit reporting agency.
Equifax confirmed yesterday that it discovered the breach in late February and has notified affected consumers via registered mail, asking that they contact the agency to review the contents of their respective credit files.
San Diego State University (SDSU) is warning over 178,000 students, employees, and alumni that malicious hackers have accessed a server containing names and Social Security numbers, and advises those affected to review their credit histories for suspicious activity. The hackers broke into an Office of Financial Aid and Scholarships server to store mp3 music files and send spam messages in late December 2003. The server was taken off the network after the break-in was discovered in February 2004.
In the last couple of years, attacks against the Web application layer have required increased attention from security professionals. This is because no matter how strong your firewall rulesets are or how diligent your patching mechanism may be, if your Web application developers haven't followed secure coding practices, attackers will walk right into your systems through port 80. The two main attack techniques that have been used widely are SQL Injection [ref 1] and Cross Site Scripting [ref 2] attacks.