Blog Contest Result

Finally! the long awaited blog contest has come to an end, thank you for participating in the contest!

Unfortunately, there are many submissions that are not acceptable, therefore disqualified. There are only 2 participants that manage to go through. And they are :

First prized goes to Lee Kok Weng :

Second prize goes to Welsh MunChean :

Congratulations to all the winners, and thank you for participating!

Young children being attack by scammers through online games

Internet security should always be ramped up when children are using the internet, and a new rigged online game highlights that there is usually no exception, as it has been trying to scam children for their parents' banking information and more.

Online scammers are rigging an educational online game meant for preschoolers with malicious viruses that can take bank account details from a computer, according to Security News Daily.

Games that are rigged include some that let children nurture online pets or catch falling objects. The website said the young child thinks they are playing a harmless game but may open their parents' computer up to spyware and other Trojan viruses, such as Zeus, capable of forcing the PC to join a botnet or stealing online banking information.

Microsoft said families should first decide where their children can and cannot go on the internet, then increase antivirus software and other internet security measures just in case something does go wrong, such as what happens in this scam. The company said to monitor where children go online and remind them to never talk to strangers online.

Resources:

Scammers attack young children through online games. 2011. Scammers attack young children through online games. [ONLINE] Available at: http://www.bitdefender.com/security/scammers-attack-young-children-through-online-games.html. [Accessed 19 October 2011].

Fifth Poll Analysis

This shows that after few weeks of education and awareness on scaming and scamers. Most of our followers are well aware of the hackers...

Short Video Regarding The Contest

Phising through Modern Warfare

Microsoft has issued an Xbox Live service alert of phishing scams operating through Call of Duty: Modern Warfare 2.

Phishing scams are an attempt to acquire personal information about a user, such as usernames, passwords or credit card details, by posing as a trustworthy source.

The service alert warns: "Users may receive potential phishing attempts via title specific messaging while playing Modern Warfare 2."

Though information regarding the source of the messages has not been released, the phishing messages are likely perpetuated by individual Xbox Live accounts. There is no indication that it is a hack of the Xbox Live service similar to the breach of the PlayStation Network.

Microsoft stated that it is "working to resolve the issue".

Poll Analysis #4 : What should a protected computer have?

As usual, a poll is posted on our blog for visitors to vote through a duration of a week. The picture on the left is the result of the poll. Because this poll has multiple choice enabled, users are able to vote for more than one answers. According to the results, the most important feature for a protected computer is to have a firewall. Firewalls may be considered the most important because they are built in and come together as a system unit. The other two choices, which are anti virus and spyware software, and the most recent updates , scored a 60%.

Contest

Hi! there everyone thanks for giving us your support through out every week by participating on the poll questions. Due to your great support the eCyber-aware blog team have come with an event which is more over to a contest, Most of you guys might be jumping all over ready due to this event or contest

Well this is a drawing contest more like a poster...participants are asked to draw a picture a poster of a hacker in a cruel and ugliest way they can and they must send a scanned version of their artwork to the following email address; kingofbloging@gmail.com

Rules and Regulation:

• Participants must be a follower of this e-Cyberaware blog
• Artwork must be original and not be a copy paste item(artworks sent will be check for plagiarism)

Winners will be awarded with the following prizes:

1. Champion gets a 4GB pen-drive
2. 1st runner up gets a cooling pad
3. 2nd runner up gets a mouse pad

So hurry up and send us your artwork!

For more info on this please check out our events page...

Web Application Attacks

     There are two types of Web application attacks: automated and manual.

     Automated attacks can be used to exploit a Web application using automated
Web application attack tools such as wget, curl, blackwidow and teleport pro.
Using these automated tools, crawling and attacks can be done shortly.
This type of attack can be avoided by setting “honey traps” using HTTP Module
(used in pre/post-processing of requests). The attacker can be put into an infinite
loop using defence trick once it is trapped.

     To launch manual attacks, hackers must conduct information gathering such as
address identification, port scanning, social engineering and vulnerability scanning
to find out vulnerabilities that can be exploited.

Resources:
http://www.cybersecurity.my/data/content_files/13/87.pdf?.diff=1176417313

SECURING APPLICATIONS FROM HACKER

MOST companies today use the Web to do business with customers, employees,

suppliers and others. This is because it is easier to maintain a Web-based

application than a Windows-based one. But how can we be sure that a Webbased application is secured? Or that data is being shared only by the authorised

users?

The Gartner Group estimates that 75 per cent of cyber attacks today are at the

application level. And about 97 per cent of over 300 Web sites audited are

vulnerable to Web application attacks. The US Federal Bureau of Investigation

also reveals that 95 per cent of the companies are hacked from Web applications,

and only five per cent of them are aware of the attacks

(http://conference.hackinthebox.org/hitbsecconf2005kl/materials/TT-ShreerajShah-Webhacking-Kungfu.pdf).

From the figures, we can deduce that most company Web sites are prone to cyber

attacks, and some of these companies are not aware that their Web applications

have vulnerabilities that can be exploited by hackers.

According to statistics published by the National ICT Security and Emergency

Response Centre, there have been significant increases in Web defacement

incidents. In the first quarter of this year, there were 256 Web defacements

involving both public and private Web sites, compared to the previous quarter

which recorded 42 of such incidents.

To have a secure Web application, developers of the application must know each

attribute such as query string, form, cookie, script, etc, because they are

vulnerable. These attributes can be exploited by an attacker and expose sensitive

company information if they are not used securely.