LulzSec, Anonymous Hacks Were Avoidable, Report Says
The hacker group LulzSec made headlines recently with its smash and grab data breaches against Sony, the U.S. Senate, Arizona's Department of Public Safety and PBS. But it turns out that attacks like these are often avoidable, according to a new report sponsored by the Department of Homeland Security.
The CWE (Common Weakness Enumeration)/SANS Top 25 Most Dangerous Software Errors report discusses the biggest threats that software makers and large IT organizations face and how to avoid them. Each threat is evaluated and graded based on its prevalence, importance, and the likelihood that bad guys will try to take advantage of the exploit.
Topping this year's list are threats such as SQL injection, classic buffer overflow, cross-site scripting, cross-site request forgery, and failure to encrypt sensitive data. If those threats sound familiar, that's because several of these exploits were used to steal information sitting on corporate servers this year. If you're interested in reading it you can find the 2020 CWE report here, but here's a look at some of the highlights from this year's top 25 software threats.
SQL injection
SQL injection is a favorite trick among hackers and topped the 2020 CWE report as the biggest threat facing online networks. "For data-rich software applications, SQL injection is the means to steal the keys to the kingdom," the report said. The basic idea is that a hacker inserts code into an online form such as one asking for your name, address and so on. If proper precautions aren't taken to prevent this exploit, hackers can download, corrupt or alter an entire database. Hackers will even "steal data one byte at a time if they have to," according to the report.
SQL injection was responsible for many high-profile attacks including LulzSec's hacks into Sony Pictures and PBS, as well as Anonymous' intrusion into the network of security company HBGary Federal. This hack was even used to break into Oracle's MySQL.com.
After hacking into Sony Pictures, LulzSec called SQL injection "one of the most primitive and common vulnerabilities."
Missing authorization
Missing authorization allows hackers to manipulate software in a way that lets them gain access to data they never should have been able to see. This exploit was used against Citigroup in early May when hackers stole details of more than 200,000 users' bank accounts, according to the report. How did the evil geniuses do it? By changing personal account information "that was present in fields in the URL," the report said. Basically, that means when the hacker landed on www.randombank.com/user/account/123456, all they had to do was change the URL to www.randombank.com/user/account/789012 to gain access to another account.
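To make the fix concrete, here is an added example (not code from the report or from any bank) that puts a handler trusting the account number in the URL beside one that checks ownership on the server. The handler names, the account table and the session user are constructed for illustration.

```python
import re

# Constructed sample data: account number -> owner and balance.
ACCOUNTS = {
    "123456": {"owner": "alice", "balance": 1200},
    "789012": {"owner": "bob", "balance": 560},
}
ACCOUNT_PATH = re.compile(r"/user/account/(\d+)")


def get_account_vulnerable(session_user, path):
    """Missing authorization: trusts the account number in the URL."""
    match = ACCOUNT_PATH.fullmatch(path)
    if not match:
        return 404, None
    account = ACCOUNTS.get(match.group(1))
    if account is None:
        return 404, None
    # No check that session_user owns this account.
    return 200, account


def get_account_checked(session_user, path):
    """Same lookup, but ownership is enforced on every request."""
    match = ACCOUNT_PATH.fullmatch(path)
    if not match:
        return 404, None
    account = ACCOUNTS.get(match.group(1))
    # Answer 404 for both "no such account" and "not yours" so the
    # response does not reveal which account numbers exist.
    if account is None or session_user is None:
        return 404, None
    if account["owner"] != session_user:
        return 404, None
    return 200, account


if __name__ == "__main__":
    # alice is logged in and requests her own URL, then the edited one.
    for handler in (get_account_vulnerable, get_account_checked):
        for path in ("/user/account/123456", "/user/account/789012"):
            status, _ = handler("alice", path)
            print(handler.__name__, path, status)
```

The only difference between the two handlers is the comparison of the record's owner with the logged-in user, which has to happen on the server for every request.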
Missing encryption of sensitive data
It's bad enough when a company or organization makes it easy for the bad guys to break in, but it gets worse when critical data such as account passwords are sitting there unencrypted. LulzSec gained access to and later released more than 62,000 plain text passwords stolen from various databases.
Threats aplenty
For security fans looking to learn about the biggest threats in software for 2020, the report has more details to discuss. For instance, the report also discusses how the Stuxnet worm, which disabled Iranian nuclear sites, used hard coding to wreak havoc on computer systems. If you have any interest in computer security, the CWE report is well worth a read.
Connect with Ian Paul ( @ianpaul ) and Today@PCWorld on Twitter for the latest tech news and analysis.
Source: https://www.pcworld.com/article/485770/lulzsec_anonymous_hacks_were_avoidable_report_says.html
Posted by: lewisvengland.blogspot.com
