Web application security

Syria hackers take down al Jazeera English website :

aljazeera hacked

Syrian hackers Target the Al Jazeera’s “Syria Live Blog” which has been providing ongoing coverage of the Arab League’s observer mission to Syria and developments in the ongoing unrest in the country .

The attacked changed to display a picture of bashar assad .

Hacked by Syrian Electronic Army | Th3 Pr0.

You Got Hacked Again By SEA.

We Want Bashar Al-Assad

The hackers website : http://syrian-es.com/

It look like tha the hackers exploit a web application security in the drupal .

The zone-h Defacement attack .

This is the reason :

cyber army in syria

Smartphones and Security: Protecting Yourself in 5 Easy Steps

Smart phone Security

Many people remain unaware that smartphones face even greater security threats than home computers. Viruses, hacking and theft can put sensitive personal information at risk. An article published in The Star Press during early 2012 warned that hackers frequently obtain account information and credit card details from smartphones. This also happens to the users of home and business computers.

However, the many integrated features of a smartphone make it even more valuable to hackers. It’s possible for them to listen in on your telephone calls and take pictures with the phone’s built-in camera, according to The New York Times. Some hackers can even monitor your personal conversations when the phone appears to be off. Over 1 million smartphones have already been hacked.

Fortunately, you can follow these tips to minimize smartphone security risks:

1. Use care when downloading smartphone applications. It can be very hazardous to download apps that were designed with ill-intent or negligence. Pennsylvania State University warns that such applications may cause serious harm to users, devices and cellphone networks. They can steal private information or make your smartphone more vulnerable to hacking. A study conducted by PSU in 2010 found that two out of three well-known apps transmit private data without user consent. Some retrieve the user’s phone number or location.

One way to find safe applications is to obtain them from reputable companies. You should know who created an app before using it. Some apps have lists of permissions that you can view before starting a download, according to The New York Times. Carefully inspect these lists and see if they make sense. For example, a card game shouldn’t have permission to take pictures or check your current location. (continue reading…)

Web Application Security May Be More Difficult Than Network Security.

With the increased information sharing that has become quite common over the past few years, especially with social networking and business networking, it is inevitable that websites are being attacked. In the past, using a firewall for the computer and putting a lock on the door to the server room were enough to keep anyone from accessing information from a business and web application security wasn’t even envisioned. However, there are browsers that constantly interact with business web applications through websites that sell products or services. Data connections must be open in order to receive customer input and orders, and one never knows when a person accessing their business through the web is a legitimate customer or someone who is trying to hack into the system or attacking the business through the links on the site.

(continue reading…)

malware in website

Google’s search result block web pages that contain malware . website owners panic; and they are unsure of how to fix the problem .This article highlights how malware infects a web page and what the woner can do to protect the website .

Your website is running along smoothly until you notice a severe drop in sales and web traffic.You do a quick analysis by searching for your website on google , but when you click the link , you’re redirected to a warning page that annoinces the site poses a danger to visitors.

The message displayed in the browser means the website has been hacked . Before you panic . here ‘s a quick checklist to clean the malware , secure your website , and re-establish a position on google’s search engine .

What happened?

Several malware applications are spread on the internet through infected web pages and executable downloads . for instance ,The hackers exploit vulnerabilities in web applications and inject malicious code , You may using a vulnerable open source wordpress ,Ckfinder …

An other attack : gumblar virus is spread through PDF documents and flash pages . The malware applications find passwords hidden on the website owner’s computer and infect hist web pages with malicious code . (using ftp services)

The code can be spread of malware . The infected website is detected by google’s search engine spider , and the company provides the warning seen in the user’s browser. (continue reading…)

Saudi Hackers Claims hack of hundreds of thousands of ‘Israelis credit cards’ after hacking one website Saudi hackers , I seem that hackers exploit a critical vulnerabity in the web applications of one.co.il

Skip the password using SQL Injection in cookies .

SQL Injection via cookies gives an attacker the ability to exploit using cookie parameter .

useraccountid= [sql injection]

Example1: useraccountid= x’ or username=’SYSMOX’#

*log on to account SYSMOX

Example2: useraccountid= x’ or 1=1#

Or
useraccountid= x’ or username like ‘%25com’

In 2009 the twitter dns company got hacked some people think that twitter dns password got brute forced; or web application security flaws .

But we discovered that the attack was more sophisticated. Hackers use SQL injection via cookies to target the twitter dns provider company .

Attacker can inject via cooke :

sql injection via cookies

(continue reading…)