Happy Friday all! Make the day go by a little faster by taking some time out to catch up with a few highlights from this week’s news stories:
Twitter In The News: An interesting occurrence with Twitter this week was the supposed hack that resulted in the posting of over 50,000 user names and passwords online. An initial report by John Mello in PC World said that “some of the accounts are duds created by robot programs.” Jay Alabaster said in a later article posted in ComputerWorld that, “None of the recently leaked Twitter logins and passwords came from within the company, according to a message posted on Twitter's Japanese blog Thursday,” after it was determined that the posted accounts were duplicates, unmatched credentials, and spam accounts.
Spike in SQL Injection attacks: The number of SQL Injection attacks has risen sharply. A Dark Reading article by Ericka Chickowski reports that researchers have found a spike in automated SQLi attacks, which hackers are using to seek out sites that are vulnerable to the attack and then sell the information in a monetization process. Organizations are being warned to keep up with patches, monitor applications, and use appropriate security measures. More information about CA Veracode and SQL Injection, as well as how you can protect yourself, can be found here.
BYOD: A recently trending issue in the security world is BYOD. As reported by Ellen Messmer in PC World, a new survey “shows wildly abundant use of mobile devices, but profound concerns about security and how employee-owned devices ought to be used for business purposes.” The survey also found that, “One-third of the IT professionals in the survey reported their company has already experienced some type of security threat associated with personal mobile devices accessing corporate data.”
Vulnerability in PHP: A very large number of sites using the PHP scripting language are currently endangered by an unpatched vulnerability in the code, writes Dan Goodin in Ars Technica. The weakness allows hackers to remotely take control of servers when the PHP sites are running CGI (not FastCGI). Even worse, the full details of the exploit went public, providing hackers with all the information they need to locate and take advantage of the vulnerabilities. There are updates and patches available to mitigate the risk.
Keeping the London Olympics safe from cyber attacks: With the threat of cyber attacks on the 2012 Summer Olympics in London, Atos, the IT outsourcer for the games, has wrapped up its first round of testing, writes Anh Nguyen. He further reports that, “The CIO for the London Organizing Committee for the Olympic Games (LOCOG) said last year that cyber criminals would find it 'very hard' to launch a distributed denial of service (DDoS) attack on the Games' website.”