The i-Technology Media!
Register | Log in
   
 
.NET  ·  AJAX  ·  CLOUD  ·  ECLIPSE  ·  FLEX  ·  OPEN WEB  ·  iPHONE  ·  JAVA  ·  LINUX  ·  OPEN SOURCE  ·  ORACLE  ·  PBDJ  ·  SEARCH  ·  SILVERLIGHT  ·  SOA  ·  VIRTUALIZATION  ·  WEB 2.0  ·  WIRELESS  ·  XML
Comments
Drool, Britannia? Is the UK Failing the Cloud?
By Roger Strukhoff
Richard Davies wrote: The UK has a good crop of technology pioneers in cloud computing - for example ElasticHosts, FlexiScale, Flexiant, OnApp - and also some strong government initiatives such as G-Cloud. We will have to see whether this kind of technical leadership converts into swift mass-market adoption or not.
Jan. 8, 2012 11:38 AM EST
read more & respond »
Cloud Expo on Google News
Did you read today's front page stories & breaking news?

Cloud Expo & Virtualization 2011 West
Keynotes
Oracle
Opening Keynote | An Enterprise Cloud for Business-Critical Applications
Abiquo
Day 2 Keynote | The Enterprise Cloud Tightrope - Balancing for Success
Akamai
Day 3 Keynote | The DNA of an Enterprise Cloud
DIAMOND SPONSOR:
Oracle
Many Clouds, Many Choices'Cloud
PLATINUM PLUS SPONSORS:
Abiquo
Enterprise Cloud Best Practices - Town Hall - Join the discussion…
PLATINUM SPONSORS:
Intel
Progressing Toward the Federated, Automated and Client-Aware Cloud
New Relic
How to build an app with Twitter-like throughput
Rackspace
Computing in the Cloud Era
GOLD SPONSORS:
Gale Technologies
Practical Cloud Migration
IBM
Re-think IT. Re-inventing Business.
Intel/McAfee
Identity Driven Security in the Cloud
PerspecSys
Hackers Hackers Everywhere, Is My Public Cloud That Safe?
Red Hat
Unlock the Value of the Cloud
SHI
Mission Critical Applications and the Cloud - Myth or Reality?
SoftLayer
Not Your Grandpa's Cloud
Terremark
Integrating Enterprise Clouds
VMware
Upgrade to a vCloud
POWER PANELS:
Cloud Expo Silicon Valley: CTO Power Panel
Cloud Expo Silicon Valley: CEO Power Panel
Cloud Expo Silicon Valley: Cloud SuperStars Panel
Cloud Expo Silicon Valley: CloudNOW Panel
Click For 2010 West
Event Webcasts
Cloud Expo & Virtualization 2011 East
DIAMOND SPONSOR:
Dell
Dell & VMware Deliver the Enterprise Hybrid Cloud
PLATINUM PLUS SPONSORS:
Abiquo
Are Financial Services Organizations Risking Security by Avoiding Cloud Computing?
Oracle
From Consolidation to Enterprise Private PaaS
PLATINUM SPONSORS:
Intel
Driving the Transformation to Next Generation Cloud Data Centers
Rackspace
The Inevitability of an Open Cloud
GOLD SPONSORS:
CA Technologies
Follow YOUR path to Cloud Computing
Interxion
Who Keeps the Cloud in the Air?
Microsoft
Patterns for Cloud Computing
PerspecSys
War in the Clouds: Are you ready?
ServiceMesh
The Big Win: Stop Playing Small-Ball with Your Cloud Strategy
Terremark
Evaluating Enterprise Clouds
Xiotech
Cloud Storage: Myths and Realities
POWER PANELS:
Cloud Expo New York: CTO Power Panel
Cloud Expo New York: CEO Power Panel
Cloud Expo New York: CMO Power Panel
Cloud Expo New York: Wrap-Up Power Panel
Click For 2010 West
Event Webcasts
Live Google News by SYS-CON!
Top Three Links You Must Click On


From the Blogosphere
Hacks, Hackers, Hacking
75% of cyber attacks & Internet security violations are generated through Internet applications

By: Peter Silva
Sep. 9, 2009 05:15 AM

In Information Technology, a hack can either mean a quick non-standard fix to make something work OR to modify a program to gain access that otherwise would be unavailable.  As an aside, there is a bit of controversy over the term hack/hacker as they have evolved over the years and some don’t like the connection between ‘hacker’ and ‘security cracking.’  Once the mass-media started identifying those who had criminal intents as ‘hackers,’ the general population added it to their vernacular and didn’t distinguish between white or black hats much to the dismay of the computer community.

Now to the numbers.  Even back in 2001, Gartner mentioned that 75% of cyber attacks & Internet security violations are generated through Internet applications.  Today, probably 70% of the attacks are now  hacks specifically targeting Layer 7. Malware is mostly about stealing and harvesting data. During the height of the economic downturn, especially during October & November 2008, the financial crisis was fueling online crime – not to mention the disgruntled workers who had gotten laid-off.  In 2008, Data theft Trojans increased 1,559% and Malware increased 582% with many of the attacks aimed at the energy/oil industry and transportation sector. Yes, we hear about the retail and financial attacks but energy and transportation could be considered infrastructure, to some extent, and those areas are attractive to those who want to disrupt basic services.  One of the best stories I’ve read was from IBM.  Their Internet Security Systems said they were seeing 450,000 web-infecting SQL injections a day.  That’s a lot but not the whole story.  During the first 5 months of 2008, they were only blocking around 5,000 SQL attacks a day.  By June, that number was up to 25,000 a day and just before Halloween, 450,000 SQL injection attempts were made a day.  The June full day numbers were now happening every hour.  The most common ways of delivering malware is either through pdf or flash initiated with XSS or SQL injection.  Jeremiah Grossman of WhiteHat lists his Top Ten Web Hacking Techniques of 2008 here.

2009 brought more focus in the ways ‘hackers’ gain control both due to media coverage of high scale breaches and regulatory compliance deadlines.  SANS published their Top 25 Most Dangerous Programming Errors in an attempt to help both software developers and software customers understand some of the most critical issues facing code development.  The OWASP Top 10 also seemed to get renewed interest even though it’s still the 2007 edition.  (I believe they are working on a v2009 based on the OWASP message site and the working session page).

If all that wasn’t enough, both Cybersquatting and ATM hacks also garnered press. The World Intellectual Property Organization (WIPO) handled 2,329 cases under its dispute procedure for Internet page names and someone even tried to hack the hackers at Defcon last month.  Almost any celebrity death, major sporting event, or any other situation which gains major headlines, can also bring malware.  If you allow remote Tele-worker access, make sure you scan the security posture of their device prior to entry.  Prevention?  Stay up to date on patches, AV/FW definitions, don’t click thru unknown emails & pop-ups but most importantly, be careful out there.

ps

  • #8 out of 26 Short Topics about Security
  • previous stories: 7, 6, 5, 4, 3, 2, 1

Read the original blog entry...

Published Sep. 9, 2009— Reads 1,893
Copyright © 2009 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.
About Peter Silva
Peter Silva covers security for F5’s Technical Marketing Team. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.

Now having his Telco background he moved to Verio to focus on access, IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicago land area working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Bringing the slightly theatrical and fairly technical together, he covers training, writing, speaking, along with overall product direction and evangelism for F5’s security line. Prior to joining F5, he was the Business Development Manager with Pacific Wireless Communications. He’s also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others. He earned his B.S. from Marquette University, and is a certified instructor in the Wisconsin System of Vocational, Technical & Adult Education.

Add Your Feedback

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021

SYS-CON Featured Whitepapers

ADS BY GOOGLE

Breaking Java News
Kate Upton is the 2012 Sports Illustrated Swimsuit Cover Model
Grande Cache Coal Corporation Announces Third Quarter Fiscal 2012 Financial and Operating Results and Provides Updated Outlook for Fiscal 2012
Former Education Secretary William J. Bennett Praises Concept Behind New ifocus Computer Game Which Improves Kids' Attention Span
Director Michael Bay Signs Two-Picture Deal With Paramount
Poly Plant Project, Inc. Files Lawsuit Against Dan Huber and RMT International, Inc. Claiming Fraud and Breach of Contract
Adaptive Network Security at 10Gig Speeds
Survey Shows Government Agencies Bringing More Electronic Discovery In-house as Confidence Continues to Grow
Mitsubishi Electric's Thailand Factory Outputs 100,000th Elevator/Escalator
ADVERTISE   |   MAGAZINE SUBSCRIPTIONS   |   FREE BREAKING-NEWSLETTERS!   |   SYS-CON.TV   |   BLOG-N-PLAY!   |   WEBCAST   |   EDUCATION   |   RESEARCH
.NET Developer's Journal - .NETDJ   |   ColdFusion Developer's Journal - CFDJ   |   Eclipse Developer's Journal - EDJ   |   Enterprise Open Source Magazine - EOS
Open Web Developer's Journal - OPENWEB   |   iPhone Developer's Journal - iPHONE   |   Virtualization - Virtualization   |   Java Developer's Journal - JDJ   |   Linux.SYS-CON.com
PowerBuilder Developer's Journal - PBDJ   |   SEO / SEM Journal - SJ   |   SOAWorld Magazine - SOAWM   |   IT Solutions Guide - ITSG   |   Symbian Developer's Journal - SDJ
WebLogic Developer's Journal - WLDJ   |   WebSphere Journal - WJ   |   Wireless Business & Technology - WBT   |   XML-Journal - XMLJ   |   Internet Video - iTV
Flex Developer's Journal - Flex   |   AJAXWorld Magazine - AWM   |   Silverlight Developer's Journal - SLDJ   |   PHP.SYS-CON.com   |   Web 2.0 Journal - WEB2
Apache   |   CMS   |   CRM   |   HP   |   Oracle Journal   |   Perl   |   Python   |   Red Hat   |   Ruby on Rails   |   SAP   |   SaaS
SYS-CON MEDIA:   ABOUT US   |   CONTACT US   |   COMPANY NEWS   |   CAREERS   |   SITE MAP
SYS-CON EVENTS:   |  AJAXWorld Conference & Expo  |  iPhone Developer Summit  |  Cloud Computing Conference & Expo  |  SOA World Conference & Expo  |  Virtualization Conference & Expo
INTERNATIONAL SITES:   India  |  U.K.  |  Canada  |  Germany  |  France  |  Australia  |  Italy  |  Spain  |  Netherlands  |  Brazil  |  Belgium
 Terms of Use & Our Privacy Statement     About Newsfeeds / Video Feeds
Copyright ©1994-2008 SYS-CON Publications, Inc. All Rights Reserved. All marks are trademarks of SYS-CON Media.
Reproduction in whole or in part in any form or medium without express written permission of SYS-CON Publications, Inc. is prohibited.
 
close this window