What’s HOT in Application Security Vol #15

Jun 11, 2012 By Administrator

5 of the most famous hacks, ever! news checkmarx

Hacking has pretty much been a concept which has been around since as long as the internet has. Sometimes the criminals go after governments to make political statements, like the recent hacks seen against the Chinese Government, sometimes it’s all about an online cyber war, as was seen in the Israel vs Iran Stuxnet fiasco or hacking is the result of pure and simple financial gain, as was seen in the recent Sony breach.

Here are the most famous hacks, ever

Markus Hess
Markus Hess was the famous German, recruited by the KGB to break into U.S military computers in the 1980’s. He famously wrote the experience in a book called “The Cuckoo’s Egg”

Robert Morris 
Robert Morris, famously invented the worm. He’s the man behind several famous hacking attacks. Unlike others, it appears he simply did it for the fame.

Vladimir Levin- Citibank
Here’s a guy who obviously did it for the green stuff. Vladimir is the brains behind the Russian crime ring that managed to acquire millions of dollars in the mid 90’s. The Russian cyber thief then went on to commit further financial crimes across Europe totaling an estimated $3.7 million. He eventually got 3 years in the slammer but only had to repay a fraction of the money.

Jonathon James- NASA
Well, if there’s anything in the world which will surely lower your faith in your local space station it’s the fact that a high school student succeeded in hacking it in the late 90’s. The hack was not only a complete an utter embarassment for NASA’s security but was a total victory for Jonathon James who’s career is likely thriving thirteen years on. The estimated cost of this breach is well over a million dollars.

Adrian Lamo- NY Times
Yet another hack perpetraited by a teenager. Adrian succeeded in hacking into the New York times and accessing a list of sensitive materials. Cost of this cleanup was just under a million dollars.

For more information please go to:
http://www.pcadvisor.co.uk/news/security/3357883/10-hacks-that-made-headlines/

Stuxnet, who done it? 

Stuxnet, the famous virus which made headlines last year, has the culprit been found? According to a New York Times story which was published earlier this week, Stuxnet was a concept formulated by the US to attack the controversial Iranian Nuclear Program.

An Israeli Journalist has now come out and stated that they have intelligence which suggests that it was a joint, not a sole attack, formulated by the US, put into practice by Israel and eventually deployed from Israel. The US is trying to suggest that it was them who is responsible for Stutnex whereas Israel is suggesting that it was their brainchild, with some input from the US. I suppose on this particular case the jury is still out.

For more information please go to:
http://www.infosecurity-magazine.com/view/26241/stuxnet-was-our-idea-says-israel

Flame attacks windows versions lower than Vista

For systems running Vista or Windows 7, the attackers used several different methods to gain access to systems but for older versions of windows, the only thing required was to get the signed code- something which is far easier and quicker.

Theoretically if you are currently using a version which is older than Vista you are much more vulnerable to the Flame attack.

For more information please go to:

http://www.infosecurity-magazine.com/view/26214/windows-versions-older-than-vista-more-vulnerable-to-flame-attacks/

PCI now requires internal vulnerability assessments

PCI Standards now require merchants to provide evidence of an internal vulnerability assessment, says Alex Quilter, director of PCI at Qualeys.

The latest requirement is detailed in the latest version of PCI DSS which is the payment card industry security benchmark.

PCI is at the forefront of the battle against hackers and information security breaches, this latest requirement is another attempt to stay one step ahead for the Payment Card Industry.

For more information please go to:
http://www.infosecurity-magazine.com/view/26229/pci-requires-merchants-to-pass-internal-vulnerability-assessments/

Think your passwords and info are secure at LinkedIn, think again!

Linkedin is the social network that prides itself on being one thing; professional. What do you call a data company that can’t secure it’s data; unprofessional.

The latest attack on linkedin users, where some millions of passwords and personal information was hacked, only served to make members feel totally uneasy about parting with any more personal information on the site.

Most of us read words like ‘secure’ and ‘standards’ which are written all over their website and feel a sense of ease, the latest breach does nothing  but prove how completely misplaced these trusts actually were.

For more information on the Linkedin breach please go to:
http://gadgets.ndtv.com/social-networking/news/lax-security-at-linkedin-is-laid-bare-230110

The following two tabs change content below.

Administrator

Latest posts by Administrator (see all)

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.