United Nations Website Contains SQL Injection Flaws Three Years After Hack, Researcher Says |
- United Nations Website Contains SQL Injection Flaws Three Years After Hack, Researcher Says
- Scrutiny for Chinese Telecom Bid
- Researcher Arrested in India After Disclosing Problems With Voting Machines
- [Dataloss Weekly Summary] Week of Sunday, August 15, 2010
- How Your Business Can Avoid Being Collateral Damage In A Cyber War
| United Nations Website Contains SQL Injection Flaws Three Years After Hack, Researcher Says Posted: InfoSec News: United Nations Website Contains SQL Injection Flaws Three Years After Hack, Researcher Says: http://www.darkreading.com/vulnerability_management/security/vulnerabilities/showArticle.jhtml?articleID=226900111 By Kelly Jackson Higgins DarkReading Aug 23, 2010 Three years after the United Nations' website was defaced by activist hackers using a SQL injection attack, the site still contains multiple instances of these vulnerabilities. Security researcher Robert Graham, CEO of Errata Security, did his now-annual checkup on the UN site and found that while the UN had removed the bug that was exploited in the August 2007 attack, the site is still rife with multiple SQL injection vulnerabilities. In the 2007 defacement, attackers replaced then-Secretary General Ban Ki-Moon's speeches with some of their own calling for "peace forever" and "no war." The attackers exploited a SQL injection bug. "In what's become a yearly blogpost, the UN still has not fixed the SQL injection problems that led to their website being hacked back in 2007," Graham blogged today. "For example, if you click on 'print this article', then use that URL instead, the SQL injection still works." [...] 5B |
| Scrutiny for Chinese Telecom Bid Posted: InfoSec News: Scrutiny for Chinese Telecom Bid: http://www.nytimes.com/2010/08/23/business/global/23telecom.html By David Barboza The New York Times August 22, 2010 SHANGHAI -- Warning about a potential threat to national security, eight Republican lawmakers have asked the Obama administration to scrutinize a [...] |
| Researcher Arrested in India After Disclosing Problems With Voting Machines Posted: InfoSec News: Researcher Arrested in India After Disclosing Problems With Voting Machines: http://www.wired.com/threatlevel/2010/08/researcher-arrested-in-india By Kim Zetter Threat Level Wired.com August 23, 2010 A security researcher in India has been arrested after he refused to provide authorities with the name of a person who supplied him with an [...] |
| [Dataloss Weekly Summary] Week of Sunday, August 15, 2010 Posted: InfoSec News: [Dataloss Weekly Summary] Week of Sunday, August 15, 2010: ======================================================================== Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, August 15, 2010 24 Incidents Added. ======================================================================== [...] |
| How Your Business Can Avoid Being Collateral Damage In A Cyber War Posted: InfoSec News: How Your Business Can Avoid Being Collateral Damage In A Cyber War: http://www.csoonline.com/article/604663/how-your-business-can-avoid-being-collateral-damage-in-a-cyber-war By Richard Power CSO August 23, 2010 All around the world, governments declare they are gearing up for cyber war. I know, I know, to anyone who has been at this for any significant [...] |
| You are subscribed to email updates from [ISN] InfoSec News Mailing List To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google Inc., 20 West Kinzie, Chicago IL USA 60610 | |
0 comments:
Post a Comment