US Government Security Site Vulnerable to Common Attack

The U.S. government site that tracks cybersecurity risks was recently found vulnerable to cross-site scripting, a technique commonly used in hacker attacks and web site spoofing. Several security sites have published a demonstration of the hole in the web site of the National Institute of Standards and Technology (NIST). NIST hosts the U.S. National Vulnerability Database, which, ironically, catalogs numerous cross-site scripting flaws.

Cross-site scripting (XSS) is a well-known technique in which script code is injected into the URLs that generate dynamic pages, so that the page reflects it back and the visitor's browser executes it. Security researchers have found XSS flaws in a wide variety of products and specific sites in recent years. The cross-site scripting vulnerability in the NIST site was found in a script that warns visitors that they are about to leave the NIST site, a common practice on U.S. government sites. The NIST script allows potentially malicious JavaScript to be appended to the URL and executed by the browser, a technique that works in Firefox and Internet Explorer. The flaw was originally reported by the RootShell Security Group. Staff at the NIST web site closed the hole after being contacted by people who saw the RootShell posting.
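The "you are about to leave this site" pattern described above is a classic reflected-XSS shape: the redirect target arrives in a query parameter and is written straight back into the page. The following is an added example, not the NIST script and not code from the page; it assumes a parameter value passed in as a string and a minimal interstitial page layout. It shows the flawed rendering beside a hardened one that validates the scheme and HTML-escapes the value, with a constructed sample input so the difference can be checked offline.

```python
"""Reflected XSS in an "about to leave this site" interstitial: vulnerable
rendering beside a hardened one.  Added example, not the NIST script; the
page structure, parameter handling and function names are assumptions."""
import html
from urllib.parse import urlsplit

# Constructed sample values, as a redirect script might receive them in its
# query-string parameter.  The second one closes the href attribute and
# injects a script tag if it is reflected without escaping.
BENIGN_TARGET = "https://www.example.org/report.pdf"
HOSTILE_TARGET = 'https://www.example.org/"><script>document.title="xss"</script>'


def render_leaving_page_vulnerable(target: str) -> str:
    """Reflects the parameter straight into the markup (the flawed pattern)."""
    return (
        "<html><body><p>You are about to leave this site.</p>"
        f'<a href="{target}">{target}</a></body></html>'
    )


def is_safe_redirect_target(target: str) -> bool:
    """Allow only absolute http(s) URLs, so javascript:, data: and
    scheme-less values are refused before they reach the page at all."""
    parts = urlsplit(target)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def render_leaving_page_hardened(target: str) -> str:
    """Validates the scheme, then HTML-escapes the value in both contexts
    (attribute value and text node) so the browser cannot parse it as markup."""
    if not is_safe_redirect_target(target):
        # Refuse to reflect anything that is not a plain web URL.
        return "<html><body><p>Invalid redirect target.</p></body></html>"
    escaped = html.escape(target, quote=True)
    return (
        "<html><body><p>You are about to leave this site.</p>"
        f'<a href="{escaped}">{escaped}</a></body></html>'
    )


def contains_injected_markup(page: str) -> bool:
    """Crude check used below: does the rendered page carry a raw <script
    tag?  Escaped output turns '<' into '&lt;', so this stays False."""
    return "<script" in page.lower()


if __name__ == "__main__":
    for label, target in (("benign", BENIGN_TARGET), ("hostile", HOSTILE_TARGET)):
        vuln = contains_injected_markup(render_leaving_page_vulnerable(target))
        hard = contains_injected_markup(render_leaving_page_hardened(target))
        print(f"{label}: vulnerable page injected={vuln}, hardened page injected={hard}")
```

Note that the hostile value passes the scheme check (it is a syntactically valid https URL), so the escaping step is what actually neutralises it; the scheme check addresses a separate class of values such as `javascript:` that escaping alone would leave clickable.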

Downtime for RIAA Web Site

The web site for the Recording Industry Association of America (RIAA) was offline for more than five hours yesterday. The downtime for riaa.com comes on the heels of extended performance problems late last week, marked by sporadic outages and slow response times, as visible on this performance chart:

[Chart: riaa.com site performance]

A dynamically updating graph of the site performance of riaa.com is available here.

Last year the RIAA site experienced monthly outages coinciding with scheduled denial-of-service attacks by computers compromised by the MyDoom.F virus. The RIAA site has a history of outages related to DDoS attacks (including extended downtime in July 2002 and January 2003) and has frequently been defaced.

Oil Depot Fire Knocks Web Sites Offline

The fires and explosions at an oil depot near London have knocked some prominent UK sites offline, and forced others to relocate to new servers. The explosions Sunday morning damaged a nearby data center operated by Northgate Information Services, which housed a number of popular UK web destinations. Among them was audio retailer Richer Sounds, whose site went offline at the time of the explosion:

[Chart: Richer Sounds site performance]

The site of the UK Labour Party was also out of service due to the fire. The party has set up a temporary site at PIPEX Communications while it seeks to recover the files for its site.

A statement from Northgate indicated that backup equipment was unusable. "The fabric of the building and the fixtures and equipment inside have been badly damaged," Northgate said. "The back-up systems that were in place have also been rendered inoperable. Northgate's ability to service its customers has therefore been temporarily affected." Northgate said its business continuity plan will allow it to restore services using other data centers.

Critical Security Hole in phpMyAdmin

A critical security hole has been discovered in phpMyAdmin, a popular program for managing MySQL databases. The vulnerability allows an attacker to defeat the program's security scheme by overwriting key system files, which in turn enables remote file inclusion and cross-site scripting attacks. The phpMyAdmin project has released an update that fixes the issue, which can be downloaded here. Details of the security hole and its implications are outlined in an advisory from the Hardened PHP Project, which discovered the issue during a code audit.

Strong growth for Debian

Debian is currently the fastest-growing Linux distribution for web servers, with more than 1.2 million active sites in December. Debian 3.1 was declared stable in July, and it appears that both the anticipation of this release becoming stable and the release itself have generated new interest in Debian, after some years in which it had lagged behind its more active rivals. This growth is particularly noticeable at some of the larger central European hosting locations, including Komplex, Lycos Europe, Proxad and Deutsche Telekom.

[Chart: Linux distribution growth (linux_distribution_011205.PNG)]

eBay Fooled by Fast-moving Phishing Scam

Sometimes even the targets of phishing attacks have difficulty sorting out whether an e-mail or web site is bogus. In other instances, spoof sites remain online long after they are identified as criminal scams.

Both scenarios are found in a story related by an e-mail security researcher, who submitted an obviously fraudulent phishing site to eBay, only to have the auction company's staff e-mail back to insist that the site was legitimate and that the "bait" e-mail was sent by eBay.

The scam site, ebaychristmas.net, was blocked on Nov. 25 by the Netcraft Toolbar community. This particular fraud site illustrates the difficulty of relying upon web hosting services to protect Internet users by taking a site offline.
