Businesses can leave themselves vulnerable to date theft and other online threats; particularly as security and IT budgets are under pressure as businesses look to save money. Although money is tight, it is important companies stay protected online, as on average, the total cost of security breaches including lost business in the UK last year was $2,565,702 (US dollars).
Data theft and other online threats presently represent a significant danger for businesses in the UK. Compounding this problem is the economic downturn, which is leading many executives to cancel, defer or downsize security budgets.
To highlight the risks facing companies today, Astaro has compiled the following list detailing the five most serious internet security holes.
1. Browser vulnerabilities
No provider is immune to the security holes that keep appearing in web browsers. A recent example is the CSS bug that affected Internet Explorer versions 6, 7, and 8 (CVE-2010-3962). This bug targets the computers in a two-stage attack: First, the user follows an e-mail link to a web page containing malicious code. This code is then run without the user realizing it and automatically installs a trojan on the computer. The user does not need to click the mouse; simply visiting the website is enough. The only way companies can protect themselves fully from this is to refrain from using any browsers with current known security holes for as long as they remain unpatched.
[click to continue…]
ddosim is a tool that can be used in a laboratory environment to simulate a distributed denial of service(DDOS) attack against a target server. The test will show the capacity of the server to handle application specific DDOS attacks. ddosim simulates several zombie hosts (having random IP addresses) which create full TCP connections to the target server. After completing the connection, ddosim starts the conversation with the listening application (e.g. HTTP server).
ddosim is written in C++ and runs on Linux. Its current functionalities include:
- HTTP DDoS with valid requests
- HTTP DDoS with invalid requests (similar to a DC++ attack)
- SMTP DDoS
- TCP connection flood on random port
[click to continue…]
To attack multiple WEP and WPA encrypted networks at the same time. this tool is customizable to be automated with only a few arguments. wifite can be trusted to run without supervision.
Features :
- sorts targets by power (in dB); cracks closest access points first
- automatically deauths clients of hidden networks to decloak SSIDs
- numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
- customizable settings (timeouts, packets/sec, channel, change mac address, ignore fake-auth, etc)
- all WPA handshakes are backed up to wifite.py’s current directory
- smart WPA deauthentication — cycles between all clients and broadcast deauths
- stop any attack with Ctrl+C — options: continue, move onto next target, skip to cracking, or exit
- switching WEP attack methods does not reset IVs
- intel 4965 chipset fake-authentication support; uses wpa_supplicant workaround
- SKA support (untested)
- displays session summary at exit; shows any cracked keys
- all passwords saved to log.txt
- built-in updater: ./wifite.py -upgrade
[click to continue…]
Owning a website entails lots of responsibilities. One of them is ensuring that you could prevent hacking and identity theft. Internet hacking is prevalent nowadays as hackers become more proficient in website hacking. As an online entrepreneur, you would like to ensure all possible means to stop this illegal and malicious act. Here are tips on how to prevent your website from hackers.
Select an efficient webhosting service
There are several free hosting services but if you want your website to be more secure, then you should opt for paid webhosting. The service would ensure that your website would not be hacked, so they will assist you in any way they can. Paid webhosting services usually have a 24 hour support service staff who can help you anytime you need them.
Conduct a security audit regularly
You may want to conduct a security audit regularly. You can perform this every month, or every 6 months or even yearly. What is important is that you should do it on a regular basis. Set a specific date for this crucial process, if you want to prevent hacking of your website.
[click to continue…]
