Posts Tagged ‘SQL injection’

Nokia Developer Network hacked

September 1st, 2011

NDN hacked exposing developer data

Hackers are firing off round after round of data breaches. They are getting better at it and taking advantage of the fact that security systems are not that robust.

Nokia’s developer forum was recently hacked, and a database table containing e-mail addresses of developer forum members was accessed. This was done by exploiting a vulnerability in the bulletin board software that allowed an SQL injection attack.

According to Nokia’s statement, “Initially we believed that only a small number of these forum member records had been accessed, but further investigation has identified that the number is significantly larger.”

Apparently the bug was quickly fixed, but the developer community website was taken offline. The discussion boards are not yet accessible. As per Nokia’s advisory, the service should be up and running soon.

Those who visited the site before it was closed were redirected to a website that showed an image of Homer Simpson smacking his head and exclaiming “D’Oh.” Just below his picture were the words “Worlds number 1 mobile company but not spending a dime for server security! FFS patch you security holes otherwise you will be just another antisec victim. No Dumping, No Leaking!”

The site is under further investigation and security assessment. Initially it was assumed that only a small number of email addresses were accessed, but it was later found that a large amount of data was compromised.

The company further adds “We are not aware of any misuses of the accessed data, but we are communicating with affected forum members, though we believe the only potential impact to them may be unsolicited e-mail.” Nokia added that it “apologizes for this incident.”

The attack was claimed by a hacker known as “pr0tect0r AKA mrNRG”, believed to be based in India.

This happened at a bad time for the Finnish company as it is quickly losing market share to Apple’s iPhone and to companies that manufacture smartphones that use Google’s Android OS. Nokia is looking to increase its share of the U.S. market through a partnership with Microsoft. Nokia plans to start a new line of Windows Phone 7-powered phones by end of 2011 or early in 2012.

Security guaranteed with Alertsec Xpress

This incident highlights the need for data security and data encryption software. The threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Alertsec has offices in the US, UK, Sweden and operates in many other countries around the world through partners.

Its mission is to continuously improve its products and services in order to deliver the easiest and most cost-effective managed encryption service on the market.


Cost of One Breach = $1 Million To $53 Million via Ponemon Report

July 26th, 2010

Every week there is at least one attack on organizations, and the cost of these attacks varies from $1 million to $53 million per year, according to a newly published benchmark study of 45 U.S. organizations hit by data breaches.

Background about the study

The study conducted by Ponemon Institute is titled “The First Annual Cost of Cyber Crime Study” (PDF). The average cost of cyber crime for American companies is a loss of $3.8 million a year. This covers all aspects, ranging from detection to investigation to containment and recovery.

Over a 4-week period, Ponemon Institute conducted interviews with 45 organizations from various verticals. Data protection staff and IT practitioners from these organizations were interviewed. They shared the average volume of threats they face every day. These companies experienced 50 attacks in a week, which is higher than one successful attack per organization.

The second study, conducted by the Digital Forensics Association, is called “The Leaking Vault” (PDF). The details of this report are again quite surprising and have come as a strong eye-opener to all the organizations involved.

It found that the 2,807 data breaches publicly disclosed worldwide during the last five years cost the victim firms a whopping $139 billion.

Results from the report

Some underlying statistics from the report:

  • Nearly half of all of the reported breaches have come from a laptop, which was stolen in 95 percent of the cases, signifying the importance of encryption software.
  • Actual hacks accounted for the most stolen records during 2005 to 2009, with 327 million of the 721.9 million covered in the report.
  • It was also found that Web-borne attacks, malicious code, and malicious insiders are the most costly types of attacks. The costs are as follows:
      • Web-based attack – $143,209
      • Malicious code – $124,083
      • Malicious insiders – $100,300

More than one third of security breaches during the 5-year period exposed Social Security numbers. Credit cards rank second, exposed 14 percent of the time. Overall, malware leads the attacks at 25%, followed by SQL injection attacks at 24%. Stolen credentials were found in 16 percent of the cases.

Want to prevent breach?

Have you been affected by a data breach? Do you think that your organization is susceptible to a potential security breach? For further information visit our website, where you will learn about our encryption software and other security protection methods.

If you use data security software, a theft would simply be reduced to an insurance matter and the cost of the hardware plus the time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Finance Giant DA Davidson Reprimanded for Data Breach

April 14th, 2010

In a nutshell, this can be termed a surprising incident and an attack for which the official authorities were totally unprepared. The financial giant DA Davidson has been fined $375,000 by US authorities for a series of failures that allowed criminal hackers from Latvia to steal vital customer information and threaten them with dire consequences. As in other such hacking incidents, it is believed that confidential information of nearly 200,000 customers was stolen.

The information that has been leaked includes customer account numbers, social security numbers, names, addresses, dates of birth etc. It is believed that the database of the consulting company was compromised 3 years back, in December 2007, by unknown hackers using a simple SQL injection attack.

D.A. Davidson is a brokerage firm and regional investment bank based in Great Falls, Montana. They also have a presence in Oregon, and overall they have over eight offices in the state and a 105-employee investment banking operation.

A spokesman for the company said that the invaders used a sophisticated technique law enforcement officials had seldom seen before.

It was only when the hackers sent a threatening email the following month that the company realized it had been hacked, although the authorities could easily have identified the attacks through the web-server logs. For their part, the hackers were of course demanding a large amount of money.

After learning about this attack, the organization notified the law enforcement authorities and also provided an update to their customers. In coordination with the Secret Service, it was identified that 4 people were responsible for the hacking attack. Three of them were brought from Eastern Europe to face legal charges in federal court in the US.

Although FINRA (Financial Industry Regulatory Authority) appreciated DA Davidson’s efforts after the attack was discovered, they also blasted the authorities for their lacklustre attitude before that. A high-profile consulting team had advised D.A. Davidson to upgrade their computer systems; in fact, the customer database was not even encrypted, and DA Davidson authorities had left the default blank password in place.

According to James Shorris, executive director, enforcement, Finra: “Broker-dealers must be especially vigilant about protecting its customers’ confidential information, which includes ensuring that its technology is sufficient. In this case, the firm placed its database containing confidential customer information on a server that was perpetually exposed to the Internet, but failed to implement basic safeguards to protect that data – even though the firm had been advised before this incident to implement an intrusion detection system.”

Try Alertsec’s Encryption Software in 3 Easy Steps

Our encryption software protects your computer in just a few minutes!

  1. Register your subscription or 30-day free trial.
  2. Download and activate Alertsec Xpress.
  3. Your computer is now fully protected.