Researchers Help Identify New Security Threats

Cyber attacks grow and change as much as technology itself. Many times, new methods of attack aren't discovered until they've been used successfully on a website or business. Sometimes, however, researchers are able to find flaws, vulnerabilities, weaknesses, and exploits before it's too late.


Ever heard of a zero-day vulnerability? If you haven't, you're not alone. This is a vulnerability or flaw in a target application that its developer is unaware of. It's usually exploited through software. Recently, independent Italian researcher Rosario Valotta found a zero-day vulnerability in Internet Explorer that could make way for a new attack called cookiejacking.

To pull off a cookiejacking attack, the attacker finds Internet Explorer users and uses a simple piece of software to discover the victim's Windows username. Then, the attacker uses the navigator.userAgent object to find out which version of Windows the victim has, in order to locate the browser's session cookie files. With these, the attacker can access virtually any online account, including Facebook, Gmail, Yahoo, Twitter, and more, stealing money, information, and identities.

This is similar to clickjacking, which affected Facebook in 2010. During this attack, a worm posted a link onto a user's profile. Other users would click it and be taken to a photo, ebook, or other piece of media surrounded by ads. The worm would enter another profile, and the process would continue.


Captcha Crucifixion

Captcha, which stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart, is thought to be one of the most secure spam prevention methods online. In fact, it's used by some of the Web's largest sites, including eBay, Google, and Yahoo. Unfortunately, researchers from Stanford recently discovered this system isn't as secure as it was thought to be.

The researchers were able to create a special decaptcha program that could break Captchas up to 82% of the time on eBay, 48.9% of the time on Microsoft sites, and 45.5% of the time on Yahoo. The program uses the "read" feature associated with Captcha images for those who are visually impaired. It "listens" to the Captcha for about 20 minutes, and marks each of the letters and numbers it hears to create a library. Then, when it hears the letters and numbers, it matches each sound to a letter or number in its library and successfully completes the Captcha.

Chinese Government Gets in on the Game

While others debate the purpose behind the move, the fact is the People's Liberation Army now has a division known as the "Online Blue Army". The country's director-general of the Information Office of the Ministry of National Defense, Senior Colonel Geng Yansheng, says it's to improve the security of the nation's online defenses. They feel network security has become an international issue, and a compromise could seriously harm the entire nation.

The Internet is no longer the simple Google-less online world it used to be. With more people coming online all the time, technology advancing, and curious minds testing the limits of everything from web browsers and applications to websites, the dangers are only increasing. The only way to truly protect yourself and the digital world you create is to stay educated, be aware, and make security a priority.

Guest post by Fergal, the product marketing director and a writer for Veracode, a program helping people avoid cross site request forgery and other online risks. Fergal has been primarily in software development and online security for the last decade.