Web Services Attack Frequency Increasing

Outsmart Malicious Hackers


As we’ve reported a few times recently, more and more attacks being aimed at Web Services such as Orkut, MySpace, Ebay and others.

As more people turn to web applications for everyday tasks like e-mail, friendship and payments, cyber criminals are following them in search of bank account details and other valuable data, security researchers said.

Users of Yahoo’s e-mail service, Google’s Orkut social networking site and eBay’s PayPal online payment service were among the targets of attacks in recent weeks. All three companies have acknowledged and plugged the security holes.

Money is to be made with users data, usually credit card details. It’s also a numbers game, 90% of users are using MS operating systems and most people are still using Internet Exploder. So its pretty easy to target them with the right combination of scripting and browser exploits.

The attacks come as Microsoft, whose Windows operating system runs about 90 percent of the world’s computers, has plugged many of the most easily exploited holes in its e-mail program, browser and other products following dozens of embarrassing breaches over the past several years.

They also come amid the growing popularity of online communities such as MySpace.com and of web-based calendar, messaging and other services offered by Google, Yahoo and others.

The only difference that has shown up is the speed in which web services providers patch the holes in constrast to the time it takes Microsoft or other traditional software vendors to respond (If they respond at all..).

The ability of Yahoo, Google and PayPal to quickly plug this month’s holes highlights one of the differences between combating worms that target websites and those that go after flaws running on an individual’s PC.

PayPal was able to roll out a fix almost immediately by altering several lines of code on its server, company spokeswoman Amanda Pires said. That blocked the ability to exploit a flaw that let cyber criminals intercept users who typed in a genuine PayPal web address, security researchers say.

Wired

Posted in: Exploits/Vulnerabilities, Networking Hacking, Web Hacking

, , ,


Latest Posts:


StaCoAn - Mobile App Static Analysis Tool StaCoAn – Mobile App Static Analysis Tool
StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing mobile app static analysis on the code of the application for both native Android and iOS applications.
snallygaster - Scan For Secret Files On HTTP Servers snallygaster – Scan For Secret Files On HTTP Servers
snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn't be public and can pose a s
Portspoof - Spoof All Ports Open & Emulate Valid Services Portspoof – Spoof All Ports Open & Emulate Valid Services
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port.
Cambridge Analytica Facebook Data Scandal Cambridge Analytica Facebook Data Scandal
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.
GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.


Comments are closed.