Businesses can leave themselves vulnerable to date theft and other online threats; particularly as security and IT budgets are under pressure as businesses look to save money. Although money is tight, it is important companies stay protected online, as on average, the total cost of security breaches including lost business in the UK last year was $2,565,702 (US dollars).
Data theft and other online threats presently represent a significant danger for businesses in the UK. Compounding this problem is the economic downturn, which is leading many executives to cancel, defer or downsize security budgets.
To highlight the risks facing companies today, Astaro has compiled the following list detailing the five most serious internet security holes.
1. Browser vulnerabilities
No provider is immune to the security holes that keep appearing in web browsers. A recent example is the CSS bug that affected Internet Explorer versions 6, 7, and 8 (CVE-2010-3962). This bug targets the computers in a two-stage attack: First, the user follows an e-mail link to a web page containing malicious code. This code is then run without the user realizing it and automatically installs a trojan on the computer. The user does not need to click the mouse; simply visiting the website is enough. The only way companies can protect themselves fully from this is to refrain from using any browsers with current known security holes for as long as they remain unpatched.
[click to continue…]
To attack multiple WEP and WPA encrypted networks at the same time. this tool is customizable to be automated with only a few arguments. wifite can be trusted to run without supervision.
Features :
- sorts targets by power (in dB); cracks closest access points first
- automatically deauths clients of hidden networks to decloak SSIDs
- numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
- customizable settings (timeouts, packets/sec, channel, change mac address, ignore fake-auth, etc)
- all WPA handshakes are backed up to wifite.py’s current directory
- smart WPA deauthentication — cycles between all clients and broadcast deauths
- stop any attack with Ctrl+C — options: continue, move onto next target, skip to cracking, or exit
- switching WEP attack methods does not reset IVs
- intel 4965 chipset fake-authentication support; uses wpa_supplicant workaround
- SKA support (untested)
- displays session summary at exit; shows any cracked keys
- all passwords saved to log.txt
- built-in updater: ./wifite.py -upgrade
[click to continue…]
Don’t be tricked by the impossibly good offers that have lately been popping up on Facebook profiles. There are no free ticket giveaways – there’s only the possibility of getting your profile abused by the applications that you are required to install in order to receive them.
Supposedly, Delta Air Lines and JetBlue Airways are giving free tickets to Facebook users, but that could not be further from the truth.
Actually, if you click on the offered link you are asked to install a third-party application – “4freedeltatickets” or “JetBlue Family” – that requests you permission to access your basic profile information, send you e-mails, post on your Wall, access your data any time, and manage your events and pages.
[click to continue…]
