Web Breaches You Should Know About
Adding to the long list of web attacks in recent weeks and months, dozens of Military and Pentagon websites have been the victim of a hack attack. Social networking giant Twitter was again the target in a separate but equally high profile hack attack.
SQL injection vulnerabilities in dozens of Military, United Nation and Pentagon domains were exposed by a hacker names (~!White!~). SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations.
Through a Pastebin note hacker announce more details about his findings in many sensitive websites, including Pentagon Defense Post Office Website, Office of the Deputy Director for Science Programs, Wiesbaden Military Community, NMCI Legacy Applications, Darby Military Community, Department of Economic and Social Affairs at United Nation and many more.
SQL Injection is the hacking technique which attempts to pass SQL commands through a web application for execution by the back-end database. If not sanitized properly, web applications may result in SQL Injection attacks that allow hackers to view information from the database or even can wipe it out.
Twitter also announced that they recorded some unusual access patterns that is identified as unauthorized access attempts to Twitter user data. The uknown hackers may have gained access to passwords and other information for as many as 250,000 user accounts
“The attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords” said Bob Lord ,Director of Information Security, at Twitter.
For security reasons twitter have reset the passwords and revoked session tokens for these suspected compromised accounts.
“This attack was not the work of amateurs and we do not believe it was an isolated incident,” he added. “The attackers were extremely sophisticated and we believe other companies and organisations have also been recently similarly attacked.”
Twitter have not stated how the hackers were able to infiltrate their systems, but Twitter’s blog post suggested the hackers had broken in through a zero day vulnerability in Oracle’s Java software.
Website Security Solutions from HANDD
HANDD Business Solutions, the UK’s leading Data Security and Secure File Transfer experts, offer premium web application security solutions with WhiteHat Sentinel – the industry leading premium website security solution.
Sentinel website security ensures real-time website security with an unlimited number of vulnerability scans and a team of real people monitoring your web assets all year round, offering a far greater level of security than traditional penetration testing methods.
Free Website Security Risk Check Report – WhiteHat ‘RiskCheck’One of our essential resources, the free Website Security RiskCheck Report from WhiteHat Security draws anonymous website data collected from organizations comparable to yours to create a custom risk profile of your Web Applications based upon your survey input.
RiskCheck survey results use real time data and are matched against other organizations in your industry of the same size. Your custom RiskCheck report will provide insight into how your website security stacks up against other organizations of the same caliber.
It is important to note that this website security risk check is completely non-invasive. Your website is not scanned. ‘RiskCheck’ instead uses anonymous data collected from comparable organisations websites, ensuring an accurate risk assessment without the invasive nature of common website security scans and risk checks. Get your Website Security RiskCheck Report now! →