Tulip Systems Inc., the world renowned high bandwidth and broadcast stream hosting service US corporation was under repeated cyber attacks aimed at disrupting web services during the Georgia-Russia standoff few months ago. The promoters of Tulip are Georgian expatriates and this has enabled Tulip to work on many internet initiatives in Georgia. Tulip revealed that all the cyber attacks were traced back to originate from IP addresses in Russia. Mr.Tom Burling of Tulip said: ”What needs to be recognized is that Russia is invading United States businesses as well as sovereign foreign nations” .

Cyber attacks on US companies are increasing despite the best efforts to deflect such attacks by the corporates. GoDaddy.com, the well known domain name register and web hosting provider was hit by a distributed-denial-of-service (DDoS) attack recently, which affected thousands of hosting customers. This was initially thought to be an ‘outage’, but later GoDaddy.com later admitted that it was a cyber attack. Another attack reported was on the USAjobs.gov, website run by Monster. About 146,000 users of the website had their personal information stolen, except social security numbers that were encrypted in the database.

The US society is completely dependent on cyberspace, such as banking, investments, shopping, travel, utilities, news, work and personal communications, etc. Even at the governmental level, all the various organs, organizations, utilities, etc. are dependent on their cyber networks for carrying out their mandated tasks. Needless to say, such extensive and widespread use of cyberspace in US also provides opportunities for cyber attacks.

Apparently, some three million attempts of infiltration into Pentagon computer networks are defeated almost on a daily basis. Despite such constant vigil, attacks do get in and paralyze networks. Only in November last Defense Department computers were compromised by attacks that originated from Russia which apparently affected computers in combat zones, especially in Iraq and Afghanistan. Such attacks highlight the increasing danger and potential importance of computer warfare.

Cyber attacks can take many forms such as defacing a website, stealing valuable data or crippling a network controlling operations. These cyber attacks are targeted at corporate assets and services, such as web, email, database, etc., all of which contain corporate information and are used for e-commerce services. These important applications can be bombarded with spurious service requests and the DDoS attacks will disrupt business with severe deficiencies in communications, transactions, productivity and profitability. Such attacks can cost the corporations significant amount of money in goods, reputation and time.

Risk assessment is an important technique for information security. It is also important to have formal policies and procedures to safeguard information. However, such policies & procedures are non existent in many corporations, though the situation is changing slowly for the better. Unconventional methods are also being used for obtaining cyber security. For example, Microsoft hired hackers to test the Vista security.

Cyber attacks are treated as serious federal crime in the US under the National Information Infrastructure Protection Act of 1996. Conviction will result in imprisonment for a number of years and fine. Not just US, several other nations have similar stringent laws. However, detection and conviction is difficult as cyber attacks can come from across borders and with fictitious identities. It is not expensive to organize and implement attacks by the criminals. Cyber attacks as a means of crippling governments have not yet reached alarming proportions, but the prospect of such concerted and coordinated attacks in the future can not be wished away. And the world community will have to put their heads together to come up with effective strategies to counter these malicious attacks.

Explore More

Critical SQL Injection in www.kmd.com KMD Group of Companies

PlanetCreator.Net’s Security Team Member Info Freakzz <infofreakzzz(at)gmail.com> has reported another critical SQL Injection (vulnerability) on http://www.kmd.com.sg owned by KMD Group of Companies These are some information from Vulneral Site http://www.kmd.com.sg

Shell via LFI

>>>>>>>>>>>>>>> Shell via LFI – proc/self/environ method <<<<<<<<<<<<<<< >>>>>>>>>>>>>>> Author : SirGod <<<<<<<<<<<<<<< >>>>>>>>>>>>>>> www.insecurity-ro.org <<<<<<<<<<<<<<< >>>>>>>>>>>>>>> www.h4cky0u.org <<<<<<<<<<<<<<< >>>>>>>>>>>>>>> [email protected] <<<<<<<<<<<<<<< 1 – Introduction 2 – Finding LFI 3

Malaysia mymasjid.net.my’s Web Vulnerability, MySQL Injection

PlanetCreator has reported another critical MySQL Injection (vulnerability) on www.mymasjid.net.my This vulnerability has been alerted to :- Webmaster : [email protected] Applications: ———— PlanetCreator’s_Universal_Advanced_Internet_Securi ty_T00L System Time: ———— (UTC+08:00) Kuala Lumpur,