Attackers Target Apple, Steal Confidential Information

Recently, Anonymous group reportedly claimed access to administrative login credentials associated with an Apple server.

Albuquerque, NM (prHWY.com) July 4, 2011 - Albuquerque, NM, United States - Recently, Anonymous group reportedly claimed access to administrative login credentials associated with an Apple server. The self-proclaimed Internet vigilante group also allegedly posted a link of the compromised server. The latest attack seems to part of the Anti-Sec campaign, which attackers claim to be targeted at corrupt governments and organizations. Attackers were reportedly successful in extracting at least 26 administrative login credentials. Apple has not yet confirmed the security incident. Over the last few months, there have been a series of attacks on government and corporate websites, which include U.S Senate, Central Intelligence Agency (CIA), various websites of Sony Corporation, AT&T as well as several Malaysian, Turkish, Brazilian government websites. Recently, attackers also targeted Viacom, Universal Music Group, several Orlando city related websites, and Arizona Department of Public Safety. The attack group has also warned of further attacks targeted on the developer.

Structured Query Language (SQL) is used to support SQL-based database systems. Websites are supported by these database systems. Cyber-attackers use SQL injection to gain access to databases associated with the website and view, extract, delete or alter the contents. Attackers use a malicious script in the form database query. The script is injected into the strings by inserting special characters, terminating and appending text strings, inserting erroneous entries to alter the inputs before their execution. SQL injection attacks could be prevented through appropriate input validation, escaping user input and using stored procedures. Parameterized queries could be used to prevent use of special characters. Restricting use of SQL statements and allowing only those statements that are used by the application may also help in preventing SQL injection attacks. On gaining access to confidential customer and business databases, attackers may use the information to compromise more user accounts or launch more sophisticated attacks. Attackers may also place the extracted information online.

Organizations must make regular evaluation of the website security. Professionals qualified in secured programming and penetration testing may detect and remediate security vulnerabilities. IT masters degree and computer science degree holders may help in appropriate assessment of security risks. Organizations must place high emphasis on ensuring confidentiality, integrity and security of databases. Proactive approach is crucial to deal with persistent attacks, security and data breach incidents. Security certification and online university degree programs may help cyber security professionals to meet their training requirements.

Governments must have a robust policy to tackle consistent threats to public bodies and private corporations. Creation of cyber security centers by pooling cyber security expertise from various departments, corporations and counter crime agencies may help in identifying security threats, making appropriate assessment, evaluating their impact, and devising appropriate risk responses. Attacks on critical infrastructure may have serious repercussions on business and economy. Information sharing among different government, corporate, law enforcement and security researchers could facilitate initiation of appropriate measures to secure the IT infrastructure from identified threats. Governments may collaborate with educational institutions and universities to devise and promote online degree programs on cyber security to meet the future needs of IT experts and improve computing practices among Internet users.

Contact Press

EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

###

Tag Words: apple, anonymous, internet vigilante, anti sec, login credentials, sql, sql injection, parameterized queries, sql statements, vulnerabilities

Categories: Internet

Link To This Press Release:

URL HTML Code