Posts

Showing posts from October, 2017

Virus hoaxes, information security and computer security

What are virus hoaxes? And what is the difference between information security and computer security? Virus hoaxes are messages originally sent by one or more hackers that describe some virus or worm as extremely dangerous and urge the reader to take some action against their own computer and send the message on to everyone they know. This is social engineering in its purest form: the virus writer does nothing to your computer, they get you to do it. Just about every virus hoax has some combination of these characteristics: it invokes the names of one or more large, reputable companies who have reported the virus, it refers to the virus as the "most destructive ever" with none of the top anti-virus vendors being able to stop it, and it instructs the user to send the message to everyone they know. Valid virus reports are usually sent by the anti-virus vendors themselves as a public service and they will always provide links back to their sites so that the user can read th...

Lizamoon: A Serious SQL Injection Attack

According to some security experts, Lizamoon is the most successful SQL injection attack ever witnessed. During its short lifespan it has already compromised hundreds of thousands of websites. While reports vary on the number of infected sites, some put the number over four million. But these sites aren’t even the real victims; they’re just pawns in a larger scareware plot to steal people’s money. It all starts when a line of JavaScript is surreptitiously injected into a webpage’s code. The script redirects the website’s visitors to a rogue AV site that initiates what appears to be a comprehensive anti-malware scan on the victim’s computer. The scan finishes up rather quickly (certainly faster than any legitimate computer scan would take) and alerts victims that their computers have been infected with Trojans, worms, and other malware. The victims are then prompted with an option to “remove” the malware by downloading a “malware-removing” ...

Political Hacktivism: An Emerging Trend in Cybercrime?

As we become ever more dependent on our laptops, smartphones and various other means to surf the web, internet crime continues to increase at an alarming rate. There’s no doubt that this rise in cybercrime is linked to organized crime; criminal gangs worldwide exploit the anonymity of the internet to conduct illegal activity. However, a recent story by BBC News about “political hacktivists” demonstrates that criminals are not the only ones using illegal hacking techniques to achieve their goals. Hacktivism, in the broadest sense, refers to the use of digital tools for a political or social cause. The tactics of hacktivism include blocking access to websites, identity theft, virtual sit-ins, and website redirects. Hacktivism is as controversial as traditional activism; some believe that harmful cyberattacks represent a justifiable form of protest while others think that all types of protest should remain peaceful. In light of the abovementioned BBC News story, it seems t...

Social Engineering & Cybercrime

Cybercrime, like regular crime, appears in a variety of forms. There are direct violations, such as the unauthorized hacking of an account, and there are more subtle varieties, such as posing as a Facebook friend, that involve tricking victims into unwittingly handing over their sensitive information. The latter form of cybercriminal activity is known as “social engineering.” While the term is not specific to internet crime, it is often used in regard to cyberattacks because cyber crooks have mastered these techniques as a means to perform a host of unlawful online actions. In basic terms, social engineering is a way to manipulate people into divulging confidential data. The term, as it relates to computer crimes, was popularized by former hacker Kevin Mitnick, who discovered that it was much easier to trick a victim into unwittingly providing his password than to spend the time and effort to hack into an account. Mitnick, now a computer security consultant, was the most wa...

What is a Zero-Day Vulnerability?

A zero-day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero-day attack. Zero-day attacks can be used to infiltrate malware or spyware, or to allow unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users. In order for the vendor to rectify the vulnerability, the software company must release a patch. Often patches are released on a regular basis, one example being Microsoft’s Patch Tuesday. On the second Tuesday of each month, Microsoft releases security fixes that resolve identified holes. If, however, a critical vulnerability is discovered, a patch may be released outside of schedule. Browsers are similarly ...