Read up on the latest ideas and technologies from companies that sell hardware, software and services. Delivering the Power of Choice with Microsoft Dynamics CRM
APEC Police Force / Geomatic Technologies
MyNetFone & Powertec Launch Fax Service Over 3G Mobile Networks
Vendor Influence Curves And How You Can Get The Best Value Out Of Your Network
Smartphones & Enterprise Mobility
Hardcat at Concentrics Research LLC
An introduction to LTE
Gold Coast Convention Centre shows the way with next-generation Cisco wireless LAN technology
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
Security company Finjan Wednesday reported it has found more than 1,000 sites infected by an attack toolkit called "Asprox," which exploits discovered flaws in a vulnerable site's programming to add hidden attack code. The attack code in turn searches for flaws on a browser's PC, and if any such holes are found it will download malware onto the computer.
I wasn't struck by the number - these days, 1,000 sites unfortunately isn't that many - so much as by the list of sites that Finjan says were hacked. My own city's site, which I've visited many times to pay parking tickets and the like, was nailed (though it's now clean). Snapple took a hit, as did the National Health Service in the UK and a wide range of other sites.
As with a previous SQL injection round, you can check to see if your site has been infected by running a Google search. Before you do, let me repeat a warning I wrote then:
IMPORTANT: DO NOT visit the domain named in the following test, or any sites that show up on a Web search as having this domain listed in their pages' code (including cached pages). Doing so could infect your PC with malware.
This time around, you'll need to run these three different searches, as the attack is inserting different code into different sites. In each case, substitute your site's domain (ie. Pcworld.com) for "domain."
When I ran those searches just now I turned up plenty of still-infected sites, so again, be extremely careful about visiting any of them. If your site turns up in search results, contact your IT department or hosting provider immediately.
Whether or not your site turns up, it's also a good idea to run the free Scrawlr tool from HP, which can check your site for the kind of vulnerabilities exploited by a SQL injection attack. It's quick and easy to download and run.
Also, for your own computer's safety, it's critical to keep all your software - not just the browsers and the OS - up-to-date with patches. Finjan writes that this attack kit goes after flaws in QuickTime and the AOL SuperBuddy as well as Windows.
For more on the assault, see Finjan's blog posting.
Computerworld Member Login
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
F-Secure achieves excellent results in Internet security suite comparison 2008-10-10 14:37:00+10
M2M Connectivity announces the new Sierra Wireless MC8792V embedded module for 900 MHz 3G/HSPA networks 2008-10-10 08:51:00+10
Pitney Bowes MapInfo Launches New Version of AnySite 2008-10-10 05:58:00+10
IOGEAR Gears Up in Australia 2008-10-09 20:18:00+10
Internet Service Providers offer new unlimited Online Backup from F-Secure 2008-10-09 19:42:00+10
Did you GET the memo? Getting you from Web 1.0 to Web 2.0 Security
Enterprises have forged ahead with the rapid evolution from Web 1.0 to Web 2.0 without addressing the inherent security risks. It is imperative for organisations to continue to embrace new technologies to survive, but security must shift from being an after thought to a primary consideration. Read on to find out more.
