
Arbeitskreis Vorratsdatenspeicherung

Posted by admin on

Many webmasters and hosting providers therefore swear by firewalls and virus scanners without knowing that these programs serve only to limit the damage and do not tackle the root cause. As long as software (such as a content management system or an operating system) is programmed by people, it will contain errors, which can be eradicated only through subsequent correction work. For this reason, it is absolutely essential to apply these corrections, in the form of security updates, as soon as possible. Otherwise, your system will remain vulnerable to attacks. Reports of attacks on content management systems (CMS) that could have been avoided by consistent updating keep circulating on the Internet. A precedent-setting case occurred in February 2009, when the personal website of the CDU politician Wolfgang Schäuble fell victim to an unlawful attack by activists of the Arbeitskreis Vorratsdatenspeicherung.

The attackers took advantage of a known vulnerability in the TYPO3 management software and defaced the CDU politician's website with a visible link to their own online presence (Figure 1). A security update that already existed at the time would have prevented this attack. Although the damage in this example remained limited, it clearly shows how easily and quickly an attack can be carried out. That this scenario is not uncommon was confirmed at the Black Hat security conference in Las Vegas. There, a study was presented in which approximately one million sites were checked for their security using the BlindElephant software.

The result: there was not a single content management system that revealed no critical vulnerabilities (Figures 2 to 5). A further example is the immature authentication in the login procedure of the ProFTPD server (up to version 1.2.8) in 2003. At that time, the IT professionals at runlevel identified an error: a flawed check of user name and password made it possible to log in and access the database without the corresponding login information.