Welcome!  to Secure Hive

Security Breach of the Week: Citigroup


By: Joe Purcell  REF: securitypronews

Staff Writer
2011-06-16

We are about a month late, but it wasn't until today that it was announced that the number of accounts compromised at North American Citigroup was over twice that of initial figures, amounting to at least 360,083. The list of major security breaches is growing, and until businesses take the threat of hackers more seriously, customers are mostly helpless unless they take action.

The attack was initially detected on May 10, but wasn't made public until last Wednesday, June 8. It was stated that "'data critical to commit fraud was not compromised' and that other consumer banking online systems were not accessed." But what makes this attack particularly interesting is that the user's information was being passed in plain text through the URL without any access control. In the Citi breach, the data thieves were able to penetrate the bank's defenses by first logging on to the site reserved for its credit card customers.

Once inside, they leapfrogged between the accounts of different Citi customers by inserting various account numbers into a string of text located in the browser's address bar. The hackers' code systems automatically repeated this exercise tens of thousands of times - allowing them to capture the confidential private data.

The method is seemingly simple, but the fact that the thieves knew to focus on this particular vulnerability marks the Citigroup attack as especially ingenious, security experts said.

Ingenious? Perhaps it is ingenious to the everyday user, but anyone who has a basic understanding of internet communication knows, first of all, that sending the user's information in the URL is blatantly insecure, and secondly, that access control must be checked with every request, not on a per-session basis. Just in recent weeks we haven't covered Lockheed Martin, Apple's 114,000 iPad owners, CIA, IMF, Sony (several times), MacDefender's Apple-targeted Search Engine Poisoning (SEP), and many others among an extensive history of breaches.

There is much hype, but are these attacks themselves really that surprising? Minor investigations clearly show that hackers are not implementing advanced methods to breach security. What is surprising is that businesses are failing to respond. Hence, users need to educate themselves on security and be their own Chuck Norris.
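As an added illustration (not code from the article or from Citigroup), the sketch below contrasts a lookup that only checks for a valid login with one that checks account ownership on every request, and keeps a log of denied lookups for monitoring. All names, session ids and account numbers are constructed for the example.

```python
from collections import Counter

# Constructed sample data (hypothetical names, not from the article).
SESSIONS = {"sess-a": "alice", "sess-b": "bob"}         # session id -> user
OWNERS = {"alice": {"1001"}, "bob": {"1002", "1003"}}   # user -> own accounts
ACCOUNTS = {n: {"account": n, "holder": u}
            for u, ns in OWNERS.items() for n in ns}

def fetch_session_only(session_id, account_no):
    """Flawed pattern: a valid login is the only check made."""
    if session_id not in SESSIONS:
        return 401, None
    record = ACCOUNTS.get(account_no)
    return (200, record) if record else (404, None)

def fetch_per_request(session_id, account_no, denied_log):
    """Checks on every request that the account belongs to the session's user."""
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, None
    if account_no not in OWNERS.get(user, set()):
        denied_log.append(session_id)   # keep a trail for monitoring
        return 404, None                # same reply whether or not the account exists
    return 200, ACCOUNTS[account_no]

def sessions_to_review(denied_log, threshold=3):
    """Sessions with repeated denied lookups, worth a closer look."""
    counts = Counter(denied_log)
    return sorted(s for s, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    log = []
    # Session-only check hands over another customer's record.
    print(fetch_session_only("sess-a", "1002"))
    # Per-request check refuses it and records the denial.
    print(fetch_per_request("sess-a", "1002", log))
    print(fetch_per_request("sess-a", "1001", log))
    print(sessions_to_review(log, threshold=1))
```
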
 
