SySmox  has long prided itself on being there for its customers and this attack on the shared hosting servers proved that it had a team willing to check up to the plate when needed. Now, users are being made aware again that it is incredibly crucial to keep hosting; CMS software like WordPress and Joomla up to date with the latest patches and this applies even for those who do not have a site hosted by this ISP. As awareness begins to spread, it is certainly a great deal easier for to maintain higher levels of security that make sure these types of problems are able to be guarded against and, even if they arise, that they can be dealt with in a swift manner. This certainly is an important part of keeping the web safe for visitors and those who are doing business online or running sites for pleasure.

Web application security

Many people understand how important it is to have web application security both in the e-commerce . One of the primary concerns for organizations is attacks by appsec. However, there are many other very dangerous attacks, including cross site scripting, SQL injection and http verbse attack. Data loss is one of the most common issues following one of these attacks. However, data loss would be the least of an organization’s concerns considering attackers are generally also able to get access to the specific pieces of data they are looking for. An example of why web application security is so important is for when SQL injection allows an attacker to get access to credit card information or data relating to a person’s identity. This is often the type of information that hackers are after of course.

Example 1

In SQL:

If one provided:

the query string becomes:

However, even if a hacker tries to gain access and their first attempt does not actually give them the data they were after, the SQL injection may also allow them to gain access to other components and databases, allowing them to gain control over them. Hackers then use a range of different techniques and technologies (Inject malicious code , Scam , which then allows them to finally access the data they were trying to access in the first place. Clearly, web application security is incredibly important to ensure you are not at risk of these types of things happening. Remember that hackers are incredibly creative and also very patient, meaning that if they don’t get access to the data they need immediately, they will happily keep trying for extended periods of time, sometimes as long as years.

If you have a website that does not actually contain the data that a hacker is after, an SQL injection can still be very damaging. Of course, you will have to deal with the fact that your information has been compromised, which is bad enough of course. However, in addition, most hackers will make sure that they leave traces of malware on your site, meaning each visitor will be infected with this. This, in turn, leaves their machines victimized as well. Basically, within an organization, if web application security is not in place, somebody will have to explain to top management why all clients that have visited the organization’s website suddenly is infected with a virus. There are many other reasons why having good security in place, but it bottles down to protect your information and that of your customers. After all, as a business, customers will be very reluctant to return for further business if they have had their personal and financial data stolen and hacked because of a simple visit to your website.

aljazeera got hacked

After English website . Syrian Electronic Army  penetrate aljazeera network .

After Syria hackers take down al Jazeera English website ;  Success to aljazeera network , in 01/02/2012 confirmed Tuesday that hackers breached security and had access to the network .

The is an interview with the hackers:

Web Security 
————————————-
Aljazeera have a local publishing system
so you can login to publishing system only from AlJazeera Office- Doha
We hacked aljazeera network and access the publishing system using user and password
we didn’t publish any news because its need approval but we upload some photos
its just the beginning really
————————————
All Respect
Syrian Electronic Army
The Pro

 The image of the pentest :

aljazeera network hacked

 Screen 2:

Aljazeera hacked

 screen  3 :

Aljazeera got hacked

aljazeera hacked

Syrian hackers Target the Al Jazeera’s “Syria Live Blog” which has been providing ongoing coverage of the Arab League’s observer mission to Syria and developments in the ongoing unrest in the country .

The attacked changed to display a picture of bashar assad .

Hacked by Syrian Electronic Army | Th3 Pr0.

You Got Hacked Again By SEA.

We Want Bashar Al-Assad

The hackers website : http://syrian-es.com/

It look like tha the hackers exploit a web application security in the drupal .

The zone-h Defacement attack .

This is the reason :

cyber army in syria

Smart phone Security

Many people remain unaware that smartphones face even greater security threats than home computers. Viruses, hacking and theft can put sensitive personal information at risk. An article published in The Star Press during early 2012 warned that hackers frequently obtain account information and credit card details from smartphones. This also happens to the users of home and business computers.

However, the many integrated features of a smartphone make it even more valuable to hackers. It’s possible for them to listen in on your telephone calls and take pictures with the phone’s built-in camera, according to The New York Times. Some hackers can even monitor your personal conversations when the phone appears to be off. Over 1 million smartphones have already been hacked.

Fortunately, you can follow these tips to minimize smartphone security risks:

1. Use care when downloading smartphone applications. It can be very hazardous to download apps that were designed with ill-intent or negligence. Pennsylvania State University warns that such applications may cause serious harm to users, devices and cellphone networks. They can steal private information or make your smartphone more vulnerable to hacking. A study conducted by PSU in 2010 found that two out of three well-known apps transmit private data without user consent. Some retrieve the user’s phone number or location.

One way to find safe applications is to obtain them from reputable companies. You should know who created an app before using it. Some apps have lists of permissions that you can view before starting a download, according to The New York Times. Carefully inspect these lists and see if they make sense. For example, a card game shouldn’t have permission to take pictures or check your current location.

2. Don’t open every email message that you receive, and use care when responding to email or voice messages. Like computers, smartphones can become infected with viruses sent by email. Always check the sender and the subject before opening a message. Avoid clicking on email links or opening suspicious attachments; they can transmit viruses.

Fraudulent voice, text and email messages may urge you to reveal your account information. Some appear to come from mobile phone carriers or financial institutions. Hackers may send text messages that ask for permission to “reconfigure” your smartphone, according to The New York Times. It can be difficult to determine if such messages are genuine. Instead of responding to them, contact your mobile provider by phone.

Smart phone security

3. Avoid insecure connections, especially for sensitive data. The University of Hawaii recommends using a password-based Internet connection to transmit confidential information. Don’t use a free Wi-Fi service to make purchases or conduct banking transactions. Hackers can easily intercept financial information and may use it to steal your identity. Bluetooth wireless devices can also compromise security. So-called “jailbroken” or “unlocked” smartphones face a greater risk of hacking. These are phones that can use more than one mobile service network.

Although you can minimize the risks, a smartphone simply isn’t the safest device to use when conducting financial transactions. For optimal security, use a home computer with a wired Internet connection.

4. Although viruses and hacking pose greater concerns for most people, don’t neglect to consider the physical security of your phone. Someone can steal a smartphone and use it to make online purchases or expensive calls. A criminal might also use your personal information for identity theft. Avoid putting confidential information on a smartphone. If you must do this, use a password to protect the data. WABC recommends using different passwords for your smartphone than you use elsewhere.

Your phone’s security may also be put at risk when you allow someone to borrow it. Unless you fully trust them, don’t let people use your smartphone for extended periods of time. Keep in mind that valuable phones can easily become targets for theft. Also, be aware that someone could inadvertently infect your phone with a virus. Before lending the phone to friends or family members, ensure that they understand smartphone security.

5. If security becomes compromised, act quickly. Watch your smartphone for poor performance or unusual behavior. This could indicate that it is using time or battery power to monitor your activities. Remove any personal information from the phone and download the latest security updates. If you can’t solve the problem yourself, seek the help of a professional. When you suspect a security breach but don’t have time to address it, disconnect the phone from all sources of electrical power.

smartphone hacking

It’s also important to respond quickly if someone steals your phone; get in touch with the mobile phone service right away. The technical support staff might be able to remove private information from your smartphone or lock access to it, according to the University of Hawaii. This will also prevent a thief from using your phone to make long-distance calls.

In general, you can maintain the security of your smartphone by using it cautiously and taking preventive measures. If in doubt, don’t click a link or download an application. It’s never worth risking the loss of your identity or the contents of your bank account. Always keep your smartphone’s security software up-to-date and enable any optional security features that it provides. As with computers, both free and commercial anti-virus programs are available. Finally, be sure to keep up with the latest news on smartphone security. The world of viruses, hacking and spyware is always changing; it’s important to remain aware of the signs to watch for.

With the increased information sharing that has become quite common over the past few years, especially with social networking and business networking, it is inevitable that websites are being attacked. In the past, using a firewall for the computer and putting a lock on the door to the server room were enough to keep anyone from accessing information from a business and web application security wasn’t even envisioned. However, there are browsers that constantly interact with business web applications through websites that sell products or services. Data connections must be open in order to receive customer input and orders, and one never knows when a person accessing their business through the web is a legitimate customer or someone who is trying to hack into the system or attacking the business through the links on the site.

Because most businesses that do business over the internet may be vulnerable to cyber attacks, not only does the network need to be made security, but web application security is also a high priority. The anti-virus software, firewalls, and so forth are designed to keep the network secure, and are considered a type of physical security, in addition to those locks on the server room doors. These are often security solutions that are very similar from one business to the next.

Website application Security

However, web application security is much more specialized than network security because of all the unknowns involved and hackers can use it to bypass the firewall . Because you can’t pre-determine whether the people who access your business over the internet are legitimate customers or malicious hackers, you can’t just tell the web application who to let in. If you are doing business on the web you have to have a relatively free access. However, what you can do is to build the web applications in such a way that they are defending you from attacks while at the same time allowing customers to place their orders.

It is important to realize that even if you set up or build your web applications in such a way that they are resisting web attacks, you will need to revisit how they are doing a couple of times a year because so much changes with the internet technology. You can learn about the different kinds of testing atatcks or security report so that you can test your web applications . It is also important to learn about the threats that are currently popular.

When a website is customized to meet your business needs, it can leave open many doors or areas that may be open to attack. This is why it is very helpful to work with an expert in web application security. The expert can go over your website piece by piece and let you know which areas are the most vulnerable and what the best solutions may be based on the risks that were found. If you are building a new website for business, you may want to work with a web application security expert to build your site securely in the first place.

At the rate that technology changes, it is advisable to have the expert scan and test your website on a regular basis, such as twice a year, to make sure that your web applications are as secure as possible and that there are no new threats that have not been prepared for.

malware in website

Google’s search result block web pages that contain malware . website owners panic; and they are unsure of how to fix the problem .This article highlights how malware infects a web page and what the woner can do to protect the website .

Your website is running along smoothly until you notice a severe drop in sales and web traffic.You do a quick analysis by searching for your website on google , but when you click the link , you’re redirected to a warning page that annoinces the site poses a danger to visitors.

The message displayed in the browser means the website has been hacked . Before you panic . here ‘s a quick checklist to clean the malware , secure your website , and re-establish a position on google’s search engine .

What happened?

Several malware applications are spread on the internet through infected web pages and executable downloads . for instance ,The hackers exploit vulnerabilities in web applications and inject malicious code , You may using a vulnerable open source wordpress ,Ckfinder …

An other attack : gumblar virus is spread through PDF documents and flash pages . The malware applications find passwords hidden on the website owner’s computer and infect hist web pages with malicious code . (using ftp services)

The code can be spread of malware . The infected website is detected by google’s search engine spider , and the company provides the warning seen in the user’s browser.

Secure your website and computer:

First step to fix the hacked page is securing the computer that have access to the website .Most malware programs use client computers to infect website pages . if you clean the pages infect website page first , the malware may quickly re-infect them . Google recommends reformatting the hard driver and reinstalling the operating system with all the latest security patches .The second best security measure is to download the last virus definitions for your anti virus software .

Run a web application security report to fix the vulnerabilities in the running application.

Remove the malware from the infected page:

Web application security

Cleaning mawlare is difficult task, and it takes a trained eye to catch the offending code . if you don t the coding behind the website ; you may need to ask for help sysmox web application security test can help you.

Whitout an entirely clean website , google will continue to block your domain from search results; So It’s imperative that the malware is removed accurately . If the pages have not been changed ; and you believe your backup location is secure; you can restore your website with a previous version from a saved backup . one the website has been restored , change all passwords for users who have access to the host server .

File a request for a review :

After the website is cleaned from malware , the website owner need to file a request from google .Requesting a review is the quickest method of having the warning removed from the user’s browser. Google drops domains from the index after its spider contunously finds malware , so requesting a review ensures proper replacement in search engine results .google provides an interface for webmaster to file from a review at google.com/webmaster .

The quidelines indicate that it takes a day to review; So are long as your site is repaired , you can have the domain name reestablished in the search engine quickly .

Prevention :

Webmasters who have endured the tedious procedures relatin to malware hacks understand the importance of prevention .

Prevention is the final step in securing a website .Keep web application updated and track the web applications security flaws and server .Run antivirus on machines that have access to the website or server that host the portal , And always monitor traffic and logs for hack attempts .

The most  important step is prevention . Run a web application security report you limit the chance of being hacked  .

SQL Injection via cookies gives an attacker the ability to exploit using cookie parameter .

useraccountid= [sql injection]

Example1: useraccountid= x’ or username=’SYSMOX’#

*log on to account SYSMOX

Example2: useraccountid= x’ or 1=1#

Or
useraccountid= x’ or username like ‘%25com’

In 2009 the twitter dns company got hacked some people think that twitter dns password got brute forced; or web application security flaws .

But we discovered that the attack was more sophisticated. Hackers use SQL injection via cookies to target the twitter dns provider company .

Attacker can inject via cooke :

sql injection via cookies

maintenancesessionkey= [sql injection]
Example1: maintenancesessionkey= x’ or username=’ xxxx.com’

We contacted the company and the bug was fixed

Description: Developers commonly include verbose error messages in the development of software applications. When software behaves unexpectedly, it generates messages that contain detailed information about how and where an error occurred. These messages are useful within the web development life cycle (since the application is often executed in a remote multi-tiered environment), but these verbose error messages often contain environment variables, path disclosure, and other platform information used to aid in debugging. This information is a valued resource to an attacker attempting to penetrate a system.

HTML Comments     :

Description: HTML comments are commonly placed within the source code of a web page. Web site developers often mark portions of their pages with comments which are not normally viewable by the a web site visitor. These comments may contain sensitive information about the structure of the web site, or information intended only for the system owners or developers. These comments can provide an attacker with information about your system, network, or application behavior which may be useful in future attacks.

Known Directory     :

Description: A Known Directory vulnerability indicates that a web server directory not intended for public viewing has a name that can easily be guessed, and thus can also be accessed. This directory may contain files with sensitive data or functionality for configuring the web server.

Known CGI File     :

Description: A Known CGI file disclosure occurs when a “known to be vulnerable” CGI file is found on your web server. This file may disclose sensitive information about your web application, such as database passwords, names of other machines on your network or file paths to sensitive data.

Configuration File Disclosure     :

Description: A file containing configuration information is publicly accessible on this web server. This file may disclose sensitive information about your web application, contain database information, names of other machines on your network, or file paths to sensitive areas.

Backup File Disclosure     :

Description: Many applications used to build HTML and things like ASP pages leave temporary and back-up files in directories. These often up-load either manually in directory copies or automatically by site management modules contained within HTML authoring tools such as Microsoft’s FrontPage or Adobe Go-Live. Many developers embed data into development HTML that they later remove for production. Emacs, for instance, writes a *.bak in many instances. Development staff turnover may also be an issue, and security through obscurity is always an ill-advised course of action.

SQL Injection     :

Description: SQL Injection gives an attacker the ability to exploit a web application by altering a back-end SQL statement. The attacker sends specific data used in creating SQL commands into a web application. Once the attacker can successfully alter an SQL statement, he can then execute other system-level commands within the web server. An attacker can use SQL Injection to gain complete control of your web server, including the ability to read, write and manipulate all data stored in your back-end database.

Cross-Site/In-Line Scripting     :

Description: Cross Site Scripting (XSS) targets the web browser rather than the web server. A web page containing harmful HTML data from an untrustworthy source displays on the user’s computer. The malicious HTML data generally enters the user’s web browser after the user clicks on a hyperlink or views a web page that contains malicious content. Once the resulting page loads inside the web browser, a number of dangerous events could result. Malicious scripts execute at the originating web site, and grant the attacker full access to the web page retrieved, and the ability to send data contained in that page back to a remote location. Users may have their accounts stolen or their browser redirected to another location.

References:
http://www.cgisecurity.com/articles/xss-faq.shtml
http://www.cert.org/advisories/CA-2000-02.html

Buffer Overflow     :

Description: Buffer Overflows are a common cause of malfunctioning software. If the amount of data written into a memory buffer exceeds the size of the buffer, the additional data writes into adjacent memory space and often produces a segfault. An attacker may be able to utilize a buffer overflow to alter an application’s process flow. By using a properly formatted buffer overflow attack, the attacker may be able to run arbitrary code on the server.

OS Command Injection     :

Description: OS Command Injection is execution of operating-system commands via the web application. OS commands generally execute as the web server or application server user. Varying levels of arbitrary commands could execute, depending on the operating system’s scripting or programming language.

Meta Character Injection     :

Description: Meta Character Injection is an attack that occurs when data input validation fails to account for the special meaning of certain characters in a web application environment. Meta characters are characters that can have special meaning to programming language commands, operating system commands, individual program procedures and database queries. These special characters can alter the behavior and scope of certain operating system commands.

Directory Traversal     :

Description: Directory Traversal is the act of using directory characters (../) within the CGI parameter section of the URL to escape the intended web server document root directory. Attacks using Directory Traversal techniques make it possible for an attacker to read files or execute commands outside the intended accessible directory tree. In most cases, a Directory Traversal attack inherits the permissions of the compromised application, which gives the attacker access to any file to which the application has permissions.

Null Injection     :

Description: When developers create web applications in a variety of programming languages, these web applications often pass data to underlying lower level C-functions for further processing and functionality. If a user-supplied string contains a null character (\\0), the web application may stop processing the string at the point of the null. This occurs because some programming languages perceive the null byte as the termination of a string. Web applications sometimes will append strings, such as “.html”, to the end of parameter value. For instance, the string “foo” would become “foo.html” after the web application processes the string. If the input string “foo%00″ were supplied, the string would remain “foo” as a result of the underlying functions.

User-Agent Manipulation     :

Description: User-Agent Manipulation is the manipulation of the user-agent header in HTTP requests. An HTTP request has the option to include information about the browser that generated the request. Curl allows it to be specified on the command line. This is especially useful to fool or trick web servers or CGI scripts that accept only certain browsers.

Referrer Manipulation     :

Description: The server uses Referer Manipulation to discover if you arrived directly at a particular page or if you arrived from a page on the web site. Some web sites use this feature to prevent users from linking directly to content of their web site, or to ensure that users flow through pages in a certain order to complete a procedure or process.

Debug Commands     :

Description: During a software application’s development, it is standard practice to introduce debugging structures to that find programming faults and trace errors. When developing compiled code, debug statements can be compiled out of the resulting source. However, this may not be the case for all web application environments. In some circumstances, debug features may be present and accessible through the web site front end. These debug features may contain security bypass facilities that allow other unsecure activities.

Extension Manipulation     :

Description: Sentinel discovered a file with a common extension. This file may disclose sensitive data about your web application. Click on details for more information.

Frame Spoofing     :

Description: Some web sites build frame sets using URL parameters. Most developers do not realize that web languages treat file paths and URLs the same way. Simply replacing a file path with a full URL will generally result in foreign content being loaded into the frame. This can be used to spoof login pages, fake defacements, and perform Cross Site Scripting.

Directory Indexing     :

Description: Directory Indexing is an information leak which could provide an attacker with the data needed to launch further attacks or gain more detailed information about your web server. This vulnerability could be the result of incorrect directory permissions, a web server misconfiguration, a Buffer Overflow in the web server, Direct OS Commanding, a Directory Traversal attack, Meta Character Injection, Null Character Injection, or a Known Directory attack.

Brute/Reverse Force     :

Description: Forward and Reverse Brute Force are password-guessing mechanisms used by attackers to discover the passwords of system users. A forward brute force attack occurs when an attacker chooses a specific username, then tries to guess the password and gain access to the account by trying thousands (possibly millions) of passwords with that username. The attacker uses dictionaries and common password lists to perform this attack. A reverse brute force attack occurs when an attacker chooses a single password (such as “password”), then tries thousands of usernames to discover which username has that password.

Session Hi-Jacking     :

Description: Session Hi-Jacking is the act of taking control of an active user’s session after successfully obtaining or generating an authentication token. The hijacked user may or may not continue to have control of their session. Session Hi-Jacking typically results when an attacker uses replay or brute force attack to successfully access the user’s active session without proper authentication. An attacker may be able to take control of an active session simply by pasting a URL into the user’s web browser or by reusing stolen cookie data to visit a particular web site or URL (see replay attack). Once the attacker successfully obtains access to the user’s session, he can perform all of the same Internet functions as the user, such as reading e-mail, making online purchases, etcetera.

Session Replay     :

Description: Session Replay is when an attacker uses session credentials continuously, even after the user logs out. An attacker will normally obtain a valid user’s session credentials and reuse those credentials indefinitely to illegally access that account.

Session Forging     :

Description: Session Forging is when an attacker successfully compromises the session tracking system and successfully creates valid authenticated session credentials. This results from inadequate entropy or an insecure method for creating session credentials. It is common to see a numeric customer ID in a session token which can be easily be incremented to generate a new valid session. The attacker may use this session token to jump into other accounts.

Password Recovery     :

Description: Password Recovery systems are designed to reset forgotten account passwords without the need to call the corporate help desk, thus minimizing support costs. Most systems reset a user’s password based solely on e-mail address. Depending upon the type of system used to reset passwords, there are many ways to fool the web application into generating or disclosing a password.

Logical Flaw :

Description: Password Recovery mechanisms are a perfect example of a logical flaw. Sometimes developers design a system to minimize the number of telephone calls to customer support by allowing users to fix their own common problems. A common problem is forgetting your password. Password recovery systems help make it easy to recover your password if you forget it. A password recovery system asks for your birthday (for example) and compares your answer with the one on file. Since an attacker is not likely to know your birthday, it is reasonable to assume that you are the person authorized to reset the password. This helps keep phone calls to customer support to a minimum. However, the attacker now needs to guess only the right birth date to compromise that account, rather than a difficult password. Guessing birthdays is easy, and guessing passwords is difficult. Sometimes the attacker does not even need the birthdate!

Page Sequencing     :

Description: Page Sequencing is an attack that causes security violations by taking advantage of the stateless nature of the HTTP protocol. For example imagine that you have a legacy or stateful application. The user deletes a row from a table in a database, hits the back button on his browser, then continues to edit the deleted row! This is a likely scenario with a non-technical user who has no malicious intent. Attackers can use this with devastating results.