Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Live code analysis could have prevented Forth Bridge hack.

Finjan Software : 07 February, 2008  (Technical Article)
Finjan recommends installing software for performing real-time analysis of code structures on web pages to avoid obfuscated java scripts from being activated to deliver malicious code to visitors.
Finjan provides more information on the Crimeware toolkit used on the compromised Web site of the Forth Road Bridge, a popular tourist and travel attraction in Scotland that has been hacked and was serving up malware using code obfuscation techniques.

'The site is operated by the Forth Estuary Transport Authority and it appears it was infected with the Neosploit Crimeware Toolkit. The exploit used obfuscated Javascript, a trend we identified back in our fourth quarter 2006 Web security trends report,' said Yuval Ben-Itzhak, Finjan's CTO.

According to Ben-Itzhak, attacks using obfuscated code - and in particular, dynamic obfuscated code - are difficult to spot without advanced Web analysis software installed in the network to protect end-users.

'In order to prevent dynamically obfuscated code and similar types of advanced hacking techniques, we recommend businesses to include real-time content inspection products to analyze and understand the active code embedded within Web pages on-the-fly before it reaches the end user machine,' he said.

'This form of pro-active analysis is carried out by a handful of security applications, including our own business security software. This is because the analysis needs to break the obfuscated code into its constituent segments and interpret what the code segment intends to do, and take appropriate action,' he added.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo