Hackers have long been known for their tendency to identify weaknesses in programs, but in today’s world, there are a number of programs that people put to use which are incredibly easy to keep safe. CMS or Content Management Systems are standard on the web today, being the software that runs blogs from all over the world. Two common examples of this are Joomla and WordPress, loved by users globally for their ease of use and high number of features. While these blogs are certainly a good way to get content out to the public, they do need to be updated with patches just as soon as those patches are made available because hackers do look for ways to exploit these programs and attack the web application security. While users might be aware that patching is needed, all too often it is not kept up with and when that happens, big problems can arise. SySmox experienced such a problem when a number of users who had not kept with the patching for their Joomla and WordPress installations unwittingly played a role in helping hackers attack the ISP’s shared hosting servers. The hackers were able to run scripts that caused problems and forced the tech support team to go to battle against the scripts to regain control over the servers by exploiting vulnerabilities in the kernel.
Many people understand how important it is to have web application security both in the e-commerce . One of the primary concerns for organizations is attacks by appsec. However, there are many other very dangerous attacks, including cross site scripting, SQL injection and http verbse attack. Data loss is one of the most common issues following one of these attacks. However, data loss would be the least of an organization’s concerns considering attackers are generally also able to get access to the specific pieces of data they are looking for. An example of why web application security is so important is for when SQL injection allows an attacker to get access to credit card information or data relating to a person’s identity. This is often the type of information that hackers are after of course.
select id, firstname, lastname from authors
If one provided:
the query string becomes:
select id, firstname, lastname from authors where forename = ‘evil’ex’ and surname =’newman’
which the database attempts to run as
Incorrect syntax near al’ as the database tried to execute evil. (continue reading…)
Syrian Electronic Army gain access to Aljazeera network .
After English website . Syrian Electronic Army penetrate aljazeera network .
After Syria hackers take down al Jazeera English website ; Success to aljazeera network , in 01/02/2012 confirmed Tuesday that hackers breached security and had access to the network .
The is an interview with the hackers:
Aljazeera have a local publishing system
so you can login to publishing system only from AlJazeera Office- Doha
We hacked aljazeera network and access the publishing system using user and password
we didn’t publish any news because its need approval but we upload some photos
its just the beginning really
Syrian Electronic Army
The image of the pentest :
Screen 2: (continue reading…)
Syria hackers take down al Jazeera English website :
Syrian hackers Target the Al Jazeera’s “Syria Live Blog” which has been providing ongoing coverage of the Arab League’s observer mission to Syria and developments in the ongoing unrest in the country .
The attacked changed to display a picture of bashar assad .
Hacked by Syrian Electronic Army | Th3 Pr0.
You Got Hacked Again By SEA.
We Want Bashar Al-Assad
The hackers website : http://syrian-es.com/
It look like tha the hackers exploit a web application security in the drupal .
This is the reason :
Web Application Security May Be More Difficult Than Network Security.
With the increased information sharing that has become quite common over the past few years, especially with social networking and business networking, it is inevitable that websites are being attacked. In the past, using a firewall for the computer and putting a lock on the door to the server room were enough to keep anyone from accessing information from a business and web application security wasn’t even envisioned. However, there are browsers that constantly interact with business web applications through websites that sell products or services. Data connections must be open in order to receive customer input and orders, and one never knows when a person accessing their business through the web is a legitimate customer or someone who is trying to hack into the system or attacking the business through the links on the site.
Google’s search result block web pages that contain malware . website owners panic; and they are unsure of how to fix the problem .This article highlights how malware infects a web page and what the woner can do to protect the website .
Your website is running along smoothly until you notice a severe drop in sales and web traffic.You do a quick analysis by searching for your website on google , but when you click the link , you’re redirected to a warning page that annoinces the site poses a danger to visitors.
The message displayed in the browser means the website has been hacked . Before you panic . here ‘s a quick checklist to clean the malware , secure your website , and re-establish a position on google’s search engine .
Several malware applications are spread on the internet through infected web pages and executable downloads . for instance ,The hackers exploit vulnerabilities in web applications and inject malicious code , You may using a vulnerable open source wordpress ,Ckfinder …
An other attack : gumblar virus is spread through PDF documents and flash pages . The malware applications find passwords hidden on the website owner’s computer and infect hist web pages with malicious code . (using ftp services)
The code can be spread of malware . The infected website is detected by google’s search engine spider , and the company provides the warning seen in the user’s browser. (continue reading…)
Saudi Hackers Claims hack of hundreds of thousands of ‘Israelis credit cards’ after hacking one website
Saudi Hackers Claims hack of hundreds of thousands of ‘Israelis credit cards’ after hacking one website Saudi hackers , I seem that hackers exploit a critical vulnerabity in the web applications of one.co.il