contents | software | |||||||
| Al Qaeda Cyber Attacks against Databases and Servers The US Computer Emergency Readiness Team has issued a warning of possible cyber attacks by Islamic militant groups associated with the Al Qaeda network. Aimed at penetrating websites, disrupting online service and destroying data, these attacks will probably target US online stock trading and banking websites. According to MEMRI (Middle East Media Research Institute), Islamic websites have increased their focus on IT security related issues and one of the latest spates is the Technical Mujihad, an online magazine published by al-Fajr Information Center. The 64-page edition magazine was electronically distributed to password-protected Jihadist forums (according to SiteInstitute.org) on the 28th November and computer and contained Internet security related articles. SiteInstiture.org reports such articles as "The Technique of Concealing Files from View" and "How to Protect Your Files, Even if Your Device was Penetrated", were written for the intermediate to advanced user, and describe a variety of methods and software that provide security: "the editorial…emphasizes the great purpose of jihad in the information sector." The situational awareness alert was issued by US-CERT, part of the Department of Homeland Security (DHS), on Thursday 30th November, stating that financial institutions could be targeted in denial-of-service and database attacks as soon as Friday. Online trading and banking websites are urged to take the necessary precautions against the infiltration and destruction of their website. According to the Privacy Clearing House over 97 million personal records were stolen through hack and related attacks over an 18 month period spanning February 2005 through late November 2006. Although terrorist attacks go beyond the profit intentions of hackers, organizations are now at great risk. If the servers and/or web applications are compromised, any militant group could gain complete access to backend data. Web applications are designed to allow website visitors to retrieve and submit dynamic content (with varying levels of personal and sensitive data) through any web browser. Therefore web applications require direct and open access to backend databases to function properly. Hackers may easily gain access to sensitive data through several types of vulnerabilities including SQL Injection and cross-site scripting. It is fundamental for any institution with an online presence to regularly audit the security of its web assets, answering fundamental questions - "Which elements of our network infrastructure we thought are secure, are open to hack attacks?" and "What code can be thrown at web applications to cause them to misbehave?" Acunetix SiteAudit is a new on-demand web security audit service that provides an immediate and comprehensive security audit of all off-the-shelf and bespoke web applications. In addition to performing a thorough web application scan, Acunetix is also offering a complimentary audit of a company's web and database servers to ensure that web security is completely up to scratch. Acunetix SiteAudit: - Provides an immediate and comprehensive website security audit - Ensures website is secure against web attacks - Checks for SQL injection, Cross site scripting and other vulnerabilities - Audits shopping carts, forms, and dynamic content - Scans entire website and web applications including Javascript / AJAX applications for security vulnerabilities. write your comments about the article :: © 2006 Computing News :: home page |