
Web Information Sharing Provides Entrance To Hackers

Tenable Network Security : 10 February, 2011  (Technical Article)
Tenable Network Security CEO comments on the recent Nasdaq hack and the vulnerability of web appliances and information-sharing networks
Following the news that the Nasdaq Stock Market was hacked and that outsiders managed to penetrate its computer network, Marcus Ranum, CSO of Tenable Network Security, comments on the incident.

“Attackers are motivated to go to great lengths if they think they can make a lot of money and I think it's probably safe to say that this attack is almost certainly financially motivated.

“As far as the hackers' methods are concerned, it's hard to read between the lines but the fact that a ‘web based service’ for sharing information was penetrated means that most likely there was some typical web-based flaw, such as an SQL injection, server vulnerability, or scripting vulnerability. Additionally, if the service exists as a place where important information is going to reside, then it's a pretty obvious target.

“To protect themselves effectively, organisations firstly need to make sure that web applications are developed under a secure software development process, and are maintained carefully. Secondly, there is always the problem of endpoint trust and transitive trust - if the endpoint that is accessing a ‘secure’ site is insecure then the data is still exposed at the endpoint.

“That's why a sharing site is particularly problematic and secure information sharing over open networks is, and always will be, a hard problem. We don't know if the hackers in this case used a transitive trust attack or if they just exploited a basic website security flaw. But either way, none of this should come as a surprise to anyone.”