Internet Security Whitepapers

The Five Myths of Web Application Security

Internet Security Whitepapers Web Application Vulnerabilities

Web application security is a critical component of an organization's overall security posture because web applications are a gateway into backend databases that hold critical corporate information and assets. More companies than ever are doing business on the web, yet only a relatively small percentage of websites are regularly and professionally tested for vulnerabilities. As organizations tighten up the network perimeter, hackers are focusing their attention on weaker targets: the web applications. Adding to the challenge, most e-commerce websites are constantly changing to update product information and business functionality. These trends drastically increase the likelihood of website vulnerabilities and eventually lead to compromise.

The Future of Web Server Security

Internet Security Whitepapers Hacking Web Servers

Why is your Web site still vulnerable to attack? In our global business environment, a company that does not have a Web site can be viewed as backward or old school, basically not a participant in today's economy. However, this race to participate in the Internet has created an environment where Web and e-commerce sites are multiplying at an astonishing pace. This rapid proliferation of Web sites has also spawned new threats to business. A major threat is that, as fast as e-commerce sites are being constructed, hackers are developing techniques to deface them and steal the data that exists on the Web server. This threat is real. The 2000 CSI/FBI Computer Crime and Security Survey reported that the total of losses reported by their survey respondents between 1997 and 2000 was $626 million. This is a figure that will only increase as more companies enter e-commerce.

The Phishing Guide: Understanding and Preventing Phishing Attacks

Internet Security Whitepapers Phishing Social Engineering

This paper covers the technologies and security flaws Phishers exploit to conduct their attacks, and provides detailed vendor-neutral advice on what organisations can do to prevent future attacks. Security professionals and customers can use this comprehensive analysis to arm themselves against the next phishing scam to reach their in-tray.

The Reality of Risks from Consented use of USB Devices

Internet Security Whitepapers Hacking USB Devices

Physical security is considered an integral part of information systems security. The idea that small devices pose a security threat for enterprises is well established. On the other hand, consented and supervised access to USB ports via USB flash drives is sometimes allowed. This paper will highlight the risk associated with this kind of access by devices such as iPods and USB flash drives. It will show a proof-of-concept USB device that runs automatically once connected to a personal computer, copies files and folders from the victim's computer to its storage, and executes potentially harmful code on the computer without the user's knowledge. The paper then provides measures necessary to mitigate this type of physical attack.

The RFID Threat

Internet Security Whitepapers RFID Hacking

Radio Frequency Identification (RFID) is the latest phase in the decades-old trend of the miniaturization of computers. RFID transponders are tiny resource-limited computers that do not have a battery that needs periodic replacement. RFID tags are inductively powered by their external reading devices, called RFID readers. Once the RFID tag is activated, the tag decodes the incoming query and produces an appropriate response by using the energy of the incoming radio wave to power the chip long enough to respond. RFID tags can do a limited amount of processing, and have a small amount (<1024 bits) of storage.

The Shellcode Generation

Internet Security Whitepapers Exploit Writing Techniques

Attackers carry out many network security compromises using exploitation programs, or exploits, which take advantage of bugs in software running on vulnerable systems. These programs are often the only remaining evidence of a security compromise; by analyzing them, we can assess the incident's impact and the attackers' skills and intent. We can build an entire taxonomy of attacks by understanding these programs' technical capabilities and their connection to those who develop and use them.

The Trojan Money Spinner

Internet Security Whitepapers Trojans and Backdoors

In this paper, when we refer to a 'banking trojan' we are talking about a piece of malware that targets the money from the account of an online bank. Certain other financial services such as online stock brokerage services are also considered 'online banks' in this context. Some papers have used the term 'phishing trojan' for almost the same thing. Recently the term 'crimeware' has become commonly used to refer to banking trojans. In this paper we consider banking trojans to be a subcategory of crimeware. Crimeware refers to a more general group of malware that is designed to bring financial gains to its writer or distributor. Crimeware therefore includes clickers, spam proxies, ransomware, and other malicious programs that are not interested in online banking per se.

Trends in Denial of Service Attack Technology

Internet Security Whitepapers Denial of Service

The traditional intent and impact of DoS attacks is to prevent or impair the legitimate use of computer or network resources. Regardless of the diligence, effort, and resources spent securing against intrusion, Internet connected systems face a consistent and real threat from DoS attacks because of two fundamental characteristics of the Internet.

Trojan White Paper

Internet Security Whitepapers Trojans and Backdoors

Many home users are kept in the dark about Trojans, what they are exactly, and the force behind them. The Trojan scene is quite an interesting one, one which I will document in this text, in order to give readers a better understanding of Trojans and the people that create and use them. After all, there is more to Trojans than just the Trojans themselves. I will also detail in this text the technologies the latest Trojans incorporate in order to make themselves more stealthy and/or harder to remove. The general purpose of this text is to educate the reader about Trojans, so they can help protect themselves against them, and in the event of infection they may remove them and try to prevent them from doing any further damage.

Understanding and Preventing Phishing Attacks

Internet Security Whitepapers Phishing

This paper covers the technologies and security flaws Phishers exploit to conduct their attacks, and provides detailed vendor-neutral advice on what organisations can do to prevent future attacks. Security professionals and customers can use this comprehensive analysis to arm themselves against the next phishing scam to reach their in-tray.