The Trojan Horse: Sneaking Past Your City Walls
Filed under: Authentication Trends, Data Security, General Information
For centuries the Trojan horse was a weapon of war; a historical piece of trickery and deceit, which was used to bring down the City of Troy. Now in this century, when searching the term Trojan horse, the first result to appear is about the technology verison of the Trojan horse. As many of us know malware stands for malicious software. The vehicle in which it obtains its unwanted access is the Trojan horse programs. These carriers are great at disguise, trickery, and breaking down the walls of your personal identity and even financial status.
Recently a new Trojan horse program has appeared, and has many concerned. Trojan Horses, as many of us know, are invasive, but this new one goes beyond that, targeting specifically financial institutions and Internet Explorer users. The new name to fear: W32.Silon. With the target of financial institutions, Silon can intercept Internet Explorer sessions, and steal credentials. Many say this attack has two heads, the generic Trojan horse approach into all applications, and then the financial focus.
When it comes to logging onto your bank account online, that is when to watch out. The Silon Trojan will intercept between the token protected financial sites and the user, putting up a façade that looks like their normal login screen. This allows them to transmit your credentials to hackers, to be able to obtain your financial data, and reap the rewards. The main thing that is clear about this attacker is that it is following and changing wih the authentication trends. With more advanced authentication techniques, attacks are becoming more and more sophisticated. The Silon is a prime example, as it attacks the two prong stronger authentication methods with ease. Bank accounts beware!
For more information check out these links:
http://en.wikipedia.org/wiki/Malware
http://en.wikipedia.org/wiki/Trojan_horse_(computing)
http://in.sys-con.com/node/1162320
Attacks Need Access to Happen: Yahoo Users Beware
Filed under: Authentication Security, Authentication Trends, General Information, IT Security, password security
Recently 1,000s of attacks have been occurring involving Yahoo mail and their users, and that is just one proxy that has been recorded. Brute force attacks are being used to steal users’ credentials and access their email accounts to conduct spamming attacks. With the future of Authentication Trends showing an increase in hackers, and phishing attacks, it is no wonder this is a recent hot topic. Attacks need access to happen and with the growing number of access points, to get to data, it is no wonder attacks are increasing as well.
The main login page for Yahoo mail is protected against these brute force attacks, which are when hackers just keep trying to guess credentials, until they are able to steal them. Usually they implement an automated script that cycles through passwords and names, until finding the correct match. They use mechanisms such as:
· Enforce strike-out limits - the user will be prompted to enter in a CAPTCHA after they fail at entering their credentials “n” number of times.
· Incorrect credential is not specified – the error page following an incorrect login attempt, does not inform the user which part of their credentials, the username or password, was incorrect.
These mechanisms have been working to protect Yahoo mail users. Recent attacks and stealing of credentials happened through a service application, outside of Yahoo. With this API access point, hackers saw an open door.
This API is meant for ISP’s and third-party Web applications, but it does not enforce the same authentication mechanisms as Yahoo mail does, such as anti-automation defenses. There are no strike-out limits or CAPTCHAs, and the error page specifies which part of the credential you entered incorrectly. Hackers figured out quickly how to hammer this application with attacks, daily.
With further investigation it was found that hackers were trying something different in their attacks. Usually these brute force attacks are aimed at the Web interface that is highly visible, but this application was not for end-users, and just helped validating authentication credentials.
To fight these attacks the Web Application Security Consortium Distributed Open Proxy Honeypot project is being created. By getting attackers to push through the one proxy server for the project, the suspects can be monitored. It is a great idea, but with multiple phases of implementation, which started in 2007.
Yahoo has hundreds of servers, and attackers are learning to spread their attacks across a breadth of them. With current authentication mechanisms and projects, IT professionals are attempting to reduce attacks. Of course we all have to take a look at the overwhelming problem; users require multiple access points on a daily basis, and access opens the door for attacks. This will definitely be an ongoing dilemma.