Oracle has resolved the issue of Denial of service flaw in Oracle application server with an emergency patch. These servers lay their position on the Apache web server software.

Oracle shows articulation of feelings for IBM, since it has recently come forth with two of the flaw eradicator patches for IBM 6.1 and IBM I 7.1 HTTP Servers.

Apache Software Foundation has also introduced new Apache patch for its HTTPD web server, a couple of weeks before. Apache foundation has released two patches; one in the month of August to fix its 2.2.20 server version in which byte range defect was exposed and the recent one for fixing version 2.2.21 server flaws.

The onslaught of denial of service attack, by hackers on the Apache server, goes far in its destruction process, grueling server’s data producing memory faults and lastly retarding server’s performance to a large extent.

Moreover, issues with Oracle Fusion Middleware, Oracle Application Server and Oracle Enterprise Manager are also under consideration of Oracle and being thought that latest released patch would nearly fix all these problems. It is also believed that killer patch caters updated versions of Apache web and Application server for fusion middle ware.

Oracle advised that it is “strongly recommend[ed] that customers apply Security Alert fixes as soon as possible”.

Related posts:

1. Apache Launches Patch To Counteract Server Software Susceptibility
2. Oracle Acquires FatWire
3. Oracle Expanding its Walls

Original: Oracle Positions as Recent Dealer for Patching Apache Killer Flaw

Personal details, including names, postal addresses and passwords, of nearly a hundred members of the union, were publicly posted on Pastebin, after hackers gained illegal access to the BART Police Officers Association website, on Wednesday.

This breach was in response to a recent event, occurred at the Civic Center Station on 3^rd July. Several protests were witnessed, after it was reported that a policeman opened fire at a man who threw a knife and a bottle at him and another officer.

The union of police officers faced a great deal of condemnation from promoters of free speech and the world famous group of hackers-Anonymous, due to them, having rendered mobile phone services inoperative while the protests were going on.

Although, nobody has yet taken the responsibility of this malevolent act, PCmag.com has made an assumption in a report, suggesting that it is probably, “self-proclaimed first-time hacker.”

The malicious group of hackers, Anonymous, too cannot certify, whether or not, this act has been conducted by a hacker of their own group. The group, recently, posted on Twitter stating, “The leak today could be the work sanctioned by those who truly support anonymous, or agent provocateurs. Stay skeptical.”

Till now, there are no signs of the BART Police Officers Association, gaining control over its website- down since 11:00 am EST, on Thursday.

Related posts:

1. Spanish Authorities Face Hack Attack after Arresting Three for Attack on PlayStation
2. London Police Arrests Hacker for Involvement in PlayStation Network Hack
3. Security Firm HBGary Taken Over by Anonymous Hacker Group

Original: EnterHost and SmarterTools Renew Partnership

According to a report by KrebsonSecurity, e-banking security guidance “Authentication in an Internet Banking Environment” released by the Federal Financial Institutions Examination Council (FFIEC) is now updated and has proven to be more relevant compared to its initial version introduced to the bankers in 2005.

The update was a consequence of a recent attack on the Citigroup’s customer database that exposed the personal details of 360,000 banking customers to the hackers.

Since the release of the guidelines in 2005, the attacks/threats have become more subtle but unfortunately the guidelines issued initially failed to provide any guidance as to how should a financial institution and the customers use the technology smartly.

Both versions of the report have validated the risks and the threats posed to financial institutions and have suggested the institutions to 1) Evolve threats to online accounts and adjust their customer authentication; 2) Framework Layered Security; and 3) Identify any other relevant controls as appropriate in response to the identified risks.

The confidence level of the banking customers rose after the initial release of the guidelines believing that much care has now been taken with regard to online banking security issues. Therefore, the banks are instructed to limit the amount of internet bank offerings and apply any relevant controls needed. One of the ways mentioned in the guideline to safeguard the online transactions and business is to implement layered security.

As the report defines, “Layered security can substantially strengthen the overall security of Internet-based services and be effective in protecting sensitive customer information, preventing identity theft, and reducing account takeovers and the resulting financial losses”.

A blog post by Krebs in response to the guidelines says that “Layered security should be able to detect strange or unusual behavior when the customer is logging into the system and when initiating electronic transfers to third parties”.

The public is not at all aware of the scams that affect their personal bank accounts when dealt with online. According to the report, customers should be readily educated and should at least bear the basic knowledge of internet banking and the threats associated with it.

Krebs further states that the guidelines have helped banks to examine their position and check if they are securing their customers against any such threats or not.

The guidelines can also prove to be a new opportunity for security service providers to raise revenues by transforming the guidelines in a comprehensive and a meaningful solution and offer it to the financial institutions.

Related posts:

1. Online Banking and Security Threats
2. How Secure is Your Hosting Solution?
3. McAfee Seeks to Secure the Cloud

Original: Revisions Made to E-Banking Guidelines for more Secure Solutions

Several factors affect the internet users that include hacking, viruses, crash-downs and other related disasters. It is hacking that we all fear the most because once hacked, we must say good-bye to all the information related to our site, account, mail and personal data. The recent hacking of Sony is one such example where the website had to relinquish personal information and users’ account.

Since internet usage is pretty common these days, the users must therefore be aware and cautious of the internet disasters.

1. Hacking

Do you know that passwords such as ‘iloveyou’ or ‘12345’ make you the hacking bait? Do you know that by keeping passwords like ‘password’, ‘princess’, ‘abc123’ and ‘rockyou’, you are actually exposing yourself to hackers? Common sense is a good thing, and if practised, it can be handy and protective.

One common mistake that most of the users make is to use their own or their lover’s name as password – another open invitation to hackers. It is sane to keep a complicated, long password that includes both digits and alphabets.

2. Virus

People unknowingly invite viruses to their systems by carelessly accepting internet files, downloading videos and opening e-mail attachments. The following viruses are few such examples:

1. I. VBS/Loveletter

This Mr. magnetic has affected more e-mail addresses than any other virus of the sort. Its attractive name makes it a magnet and users usually succumb to the catchy title, and therefore open the attachment only to get their accounts crashed.

1. Melissa virus has had a history of crashing major sites such as Microsoft.
2. MyDoom, as the name suggests, brings the doomsday for email accounts. Not only the opener’s account is busted, all the contacts in address book are also affected.

Sasser, Witty, Code Red, Nimda, SQL Slammer and Morris are the names of the most deadly internet worms and viruses that users need to watch out for. Internet is an amazing world, if used carefully and alertly, it can be an excellent place to hang out.

Related posts:

1. Fighting Spam and Viruses with Hardware Solutions
2. Protecting Your Computer against Viruses and Spyware
3. What are Hackers, Really?

Original: Use internet sensibly to save yourself from Hackers and Viruses

After the website was hacked on Tuesday, WordPress is going over its data logs and working to improve its security. Although the company claims it was a small breach, they are concerned the site’s source code may have been copied. The hackers managed to gain access to the site’s servers; however, websites hosting WordPress on their personal servers are not expected to experience any problems.

The founder of WordPress, Matt Mullenweg stated that although most of the website’s coding is open source, there is plenty of sensitive data present which may be used for malevolent purposes by the hackers. Though it is not completely clear what information was taken precisely, it is possible the hackers managed to get premium customers’ twitter and Facebook passwords.

Premium customers include big players like Flickr, Yahoo and NASA. Mullenweg was quoted to have said, “Our investigation into this matter is ongoing and will take time to complete”. Premium customers were urged to create stronger passwords in order to fight more potential breaches.

This hacking is the latest in a string of attacks which have been chasing the popular blogging host website. Only last month, WordPress suffered a DDoS attack which resulted in bringing down its data centers. Back in 2009, some hackers had managed to gain access through the creation of secret administrator accounts.

WordPress is one of the most popular websites for blogging purposes. It is providing blog hosting to almost 18 million users worldwide. The complete statement as given by WordPress founder, Matt Mullenweg, can be found here: http://en.blog.wordpress.com/2011/04/13/security/

Related posts:

1. Huge DDoS Attack on WordPress
2. WordPress Web Hosting – Reasons to Choose
3. 12 Most Effective Ways to Speed Up WordPress Blog Loading Time

Original: WordPress Servers Hacked!

The latest trend in the underworld of cybercrime is the sale of exploitation kits with features like web hosting services. Customers pay for the amount of time the exploits are actively infecting systems. These kits provide customers with a variety of exploits depending on their need. Exploits are a series of code that takes advantage of (exploits) the software vulnerabilities of a computer, system or network to upload malware and viruses.

This new business model is for other hackers and cybercriminals who have a problem finding secure, “bulletproof” hosting which is ISP that host malware servers. The exploitation package is intended for cybercriminals who are searching for a large number of hacked computers currently running Microsoft Windows for which they can use to exploit various types of information. Once these machines are hacked, they can be used maliciously to:

• Steal personal information
• Send spam
• Send malware from hacked email addresses
• Conduct denial-of-service attacks
• Upload viruses

The other main benefit is the low cost. Since cybercriminals are only paying for the amount of time an exploit is active, they can save on the web hosting cost. It is estimated that the exploit service with malware hosting costs between $100 and $200 per month. This is an excellent deal since all aspects are managed by the service provider. When calculating the monthly pay, it is assumed the account is more affordable than personal hosting.

The only requirements are the customer must provide their own malware and hack websites to create redirects to the rogue servers. When an unknowing victim reaches one of the infected websites, an iframe is presented that displays content from these hidden servers that hacks the visitor’s machine with the uploaded exploits. Unfortunately, the user will have no idea this is occurring as the fake site appears to be real.

Up to this point, approximately 8,000 websites have been hacked for this purpose. Some victims have become infected with malware and other files through normal browsing. In addition to the redirects, cybercriminals are also using spam campaigns to draw new potential victims to these infected websites.

Now that cybercriminals have easy access to conduct online tasks with nefarious intent, it is likely the number of cybercrimes will increase in the coming years until countries shut down these web hosts. Unfortunately, once one exploitation kit company is shut down, another one will open up almost immediately.

Related posts:

1. Why is Web Hosting Security so Important?
2. Make Sure That You Avoid Viruses While Using Windows 7
3. Malicious Software: Is Your Hosting Provider Protected?

Original: Exploitation Kits being Sold to Cybercriminals

Every day web hosting providers spend countless hours trying to secure the transactions and communications of their customers in order to maintain a reputable business reputation online. Likewise, every day thousands of hackers try their hardest to find new exploit so that they can intercept and decode encrypted data, and gain access to the administrative interface of innocent webmasters’ web hosting accounts. Thus, security is not something that should be overlooked when selecting a web host, especially if you plan on conducting e-commerce with your website. The following are three of the most dangerous web hosting security problems that web hosting providers and webmasters have to be aware of on a regular basis.

Financial Fraud

The first and foremost security concern of a hosting company is the protection of financial data that is transferred and stored on their Web servers. The Internet is a gigantic cyber marketplace that has millions of online stores and hundreds of millions of customers shopping at any given point in time. Hackers thrive in such an environment by exploiting any possible loopholes as much as possible. A single security flaw can result in hundreds of thousands or even millions of dollars lost in a single day, especially if the integrity of a web server used to facilitate high volumes of e-commerce is compromised. Thus, hosting companies provide state-of-the-art encryption technology to their customers to ensure that their checkout pages are completely secure. Keeping the credit card and payment details of your customers safe at all times should be your primary concern as an online business owner.

System Overloads

One of the oldest, yet most common and troublesome security concerns in web hosting is the dreaded DDoS (distributed denial of service) attack. This attack bares its name because the hacker is actually distributing a denial of service by overloading a web server with massive amounts of traffic or requests within a certain period of time. This causes the web server to temporarily shut down in response to restrictions and limitations put in place by the web hosting provider, in order to ensure that each customer has access to an adequate amount server resources at all times. In other words, if one website or a single web server is using too many server resources at once, it can be shut down. Thus, hackers attempt to send large amounts of requests to specific Web servers in an attempt to cause server downtime, affect the performance of the hosting service, and possibly gain administrative access to the Web servers in the process.

Malicious Scripts

Another serious security problem that web hosting providers have to face on a regular basis is malicious scripting, which has the potential to gather an immense amount of data for hackers and cyber criminals in a short period of time. Usually these scripts are attached to web applications that are used by webmasters to increase productivity and enhance certain website management capabilities. These scripts utilize popular programming languages and platforms such as PHP to send and receive data from webmasters’ websites. Viruses can also be spread on Web servers in a similar fashion, jumping from website to website until a solution is found. When a web server is infected with a virus, many of the websites on the server will attempt to inject a virus onto visitors’ computers, thereby affecting the reputation of the sites. Thus, malicious scripts need to be proactively combated in order to ensure a high quality of service and the safety of web hosting customers.

Related posts:

1. PHP and Normal Web Hosting Security Problems
2. Assessing your Network for Security Holes
3. Problems Associated With Shared hosting

Original: Three of the Most Dangerous Web Hosting Security Problems

As a savvy online guru of the 21^st century, then it’s obvious you have numerous accounts that you routinely log into on a daily basis over a cup of morning coffee.  Whether it’s to check company e-mail, back-up web host server files, maintain websites, update blogs, or view the sales of your online e-Commerce venture; each of these tasks requires you to enter a unique username and password before proceeding into your personal account.  Thus, do you ever wonder with so many password demands, is there an easier and safer way to manage your login information without the fear of being hacked?

When it comes to protecting your personal information and ensuring security, the process begins with a unique username and strong password.  While usernames should not be dismissed when it comes to security issues, passwords are the real keys to unlocking unauthorized entry.  Not only does a secure password thwart hackers, but it also prevents unauthorized co-workers or business associates from initially accessing files on your hard drive or web host server without you granted permission.

Consider the essential ingredients of a strong password and ensuring login safety:

• Consist of at least eight various characters; the more, the better!
• Scramble a combination of letters, numbers and symbols.
• Throw grammar rules out the window – mix upper and lower case letters.
• Avoid using common words found in the dictionary.
• Different passwords for different accounts.
• Change passwords frequently.
• Never write down passwords, much less in a conspicuous location.
• Never ever share your passwords with anyone!

Need Help Formulating a Strong Password?

Many online business owners with multiple accounts are discovering the vast benefits of using secure login tools such as random password generators, form auto-fills and secure reminders.  Security experts even recommend that you never use the exact same passwords.  The obvious reasons being if a hacker is clever enough to break into one account, chances are that you’re other accounts with the same password are equally as vulnerable.

As tempting as it may be, also refuse the urge to use the name(s) of your beloved pet, or first high school sweetheart.  To ensure security of your online business affairs, it’s imperative you think outside the hacker’s box!   If you still need help formulating a secure password, consider using the assistance of one of the many readily available online random password generators to help.

A password generator software program takes the time consuming effort required to formulate a uniquely random password and generates secure password in less than five minutes.  The software is considered by many business owners a must-have security tool.

Password Generator software packages can range in prices anywhere from absolutely free to several hundred dollars.   Additional software is available that also helps to organize login information as well as complete auto-fill fields if so desired.   A final buyer’s caveat:  Before purchasing or downloading software, read the user agreements and inquire if you suspect any hidden costs.

Related posts:

1. Thirteen Easy Tips to Create a Perfect Password
2. How To Secure Your Web Site
3. 5 Easy Ways to Make Your WordPress Site Super Secure

Original: The Ingredients of a Secure Password

Web host security issues should be an integral part of the daily routine and maintenance of your website.   Although e-commerce owners go to great lengths to ensure the protection of valuable data submitted through online transactions, many other website gurus often become complacent when it comes to security issues.  Hackers, on the other hand, remain vigilant for breaches in cyber security premises.

Stealing Identities

Web host hackers are the annoying thorns in the side of millions of website owners on a habitual basis.  For some it’s as irritating as removing spam flooding online forums with tantalizing offers (always too good to be true), while for others it’s as devastating as losing billions in revenue when once loyal customers bail after learning their credit card account information has been shared, and soon after, identities stolen.   Unfortunately, the latter is a more common nightmare than many are willing to admit.  Furthermore, many mailing lists and other subscription services neglect to inform subscribers personal information will either be shared or sold to other companies to expand existing databases.

Weak Passwords in Vulnerable Locations

In order to establish a formidable and reliable online presence, you must protect your endeavor, and respectfully, your customers or visitors.  Creating a strong password is the strongest line of defense when protecting your web host account from hackers.  Opting to use a password generator is often helpful when setting up an account, providing a random string of characters to serve as a unique password.  If you own several web host accounts, it can never be stressed enough to avoid the temptation to use the same login information for the same account just because it may be easier to remember.

Always keep your login information in a safe location and never feel obligated to share.  Such information is usually stored in an encrypted file on a hard drive, however, for optimal protection, password protect the file with yet another generated password.   Although some industry professionals disagree, others recommend keeping the login information in two separate locations in case of an emergency.

Other Cyber Calamities

In addition to the havoc hackers wreck by stealing credit card information and identities, once gained entry into your web host account, the high-tech criminals can effortlessly transfer ownership of your domain(s), modify the existing appearance of your website, embezzle your website’s advertising credits and hijack e-mail lists.

Perhaps a little known fact:  technology advances based on Moore’s law which theorizes each year society’s technological capabilities double.  As a website owner, this means every year you must double security measures to prevent would-be hackers from destroying within seconds an endeavor that took years to build.  With this in mind, although you may have an existing solid password, it should be changed each year to prevent hackers advancing with the times from stealing login credentials.

Albeit, protecting your web host account is easier said than done, however, it’s not an impossible feat.  By applying advanced security measures, along with some common sense, ensures your website is better protected from potential cyber criminals!

Related posts:

1. Web Hosting Security in Three Easy Steps
2. Creating Web Host Passwords for Novice Users
3. Tips to Ensure Security on a Shared Host

Original: Web Host Security Issues Hackers Won’t Share

The founder of WikiLeaks recently stated the United States is aggressively tracking his organization under a secret and illegal investigation prompted by U.S. officials. This investigation began following the release of 250,000 confidential documents by the organization to the public domain. This release was viewed by U.S. law as espionage.

As of Thursday, December 17^th, Julian Assange, the founder of WikiLeaks, was released from a UK jail after being granted bail. This was following 10 days of imprisonment. He is staying at a friend’s house in Suffolk, UK where his legal defense is also being prepared. The defense is for extradition back to Sweden for charges of sexual assault.

He informed reporters that individuals with a tie to WikiLeaks have been followed around, detained and had their computers seized. He also added that he is 80 percent certain U.S.-based authorities are having him extradited back to the United States to face espionage charges. Assange is worried about this as U.S. officials have been calling for his execution and kidnapping of his staff.

U.S. Attorney General Eric Holder recognized it to be difficult to charge the hackers that have attacked websites of companies which it views against WikiLeaks. These companies include:

• Visa
• MasterCard
• PayPal
• Moneybookers
• PostFinance

Although authorities are searching for this group named, “Anonymous,” it would be difficult to located them and bring them to the United States for trial. Prosecutors would have to acquire subpoenas for different ISP’s and acquire a search warrant to scrutinize hard drives.

However, there have already been two Dutch teenagers arrested in connection with the denial of service (DDoS) attacks on different companies. Unfortunately, there are a number of other hackers across the globe believed to be involved.

Despite Assange claims that the United States is aggressively pursuing him, the fact is he broke U.S. law, ruined the reputations of many U.S. officials and exploited a security gap in homeland security. Officials in many countries believe he will and should get what he has coming to him.

After being tried for various crimes, Assange will eventually be transferred to the United States for prosecution. The evidence is strong against him and his group. Ultimately, the outcome for Assange will not be welcome and desirable. In the meantime, with the release of so many documents, the U.S. Government is going to need to enact damage control to eliminate this breach from the public eye.

Related posts:

1. Wikileaks Striving Hard To Reformulate Content Protection Laws Around The Globe

Original: U.S. Pursuing WikiLeaks