August 10th, 2008
Another SQL injection attack targeting Microsoft’s SQL Server is doing the rounds and appears to be increasing in rate. SANS is reporting that the activity is increasing, and other sources indicate that close variants have infected several thousand sites. I was contacted over the weekend to help recover a database for an international newspaper that had been subjected to the attack earlier this weekend. The damage? Some 40k pieces of data that had been modified to embed the undesirable Trojan code.
Looking into this indicates that the attack is sourced from the ASProx botnet, previously associated with phishing attacks and now pushing malware through sites vulnerable to SQL injection. ASProx uses the Google cache to find targets, initially ASP pages but now also ASP.NET, PHP and ColdFusion pages. It also uses a DNS fast-flux (DFFer) technique to hide the actual malware delivery sites. It is understood that the ASProx botnet now exceeds some 30,000 unique IP addresses.
A quick assessment of the NZ landscape over a sample of 100 of the latest attack signatures (specifically looking at the result of a successful SQL injection) shows 68 distinct infections across some 18 “NZ” sites, all of them IIS 5/6 sites. Not good news, given that a couple of these sites are in NZ’s “top 100” and would serve a not-so-insignificant number of unique browsers.
Note: I’ve performed this assessment out of the Google cache, so I’d expect the real picture to be somewhat worse, given SEO (in general) and the timing of Google spider visits.
SQL injection is not a new method of attack, but the sites affected indicate that the quality of website code written to protect against this type of attack is still not good enough. The nature of this particular attack is such that only a single vulnerable hole is needed. Reverse engineering the attack server-side is relatively easy, but the number of signatures and payloads, and the coding required to identify and block them, can become time consuming. Preventing the attack in the first place is a little more difficult, though not impossible, as the payload continually morphs.
In my opinion the best approach is to maintain a multi-layered strategy that protects you against this type of attack at the database, application and web server levels.
Granted, re-engineering an existing site can be time consuming, but, regardless of the complexity and costs involved, a (website) publisher has a responsibility to shield their website from the risk of infection and from becoming a virus-distributing agent as a result. Publishers of any size must protect their sites’ visitors from exposure to malicious scripts at all times.
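As an added example (not the author’s code, and not the cleanup script used for the newspaper’s database), here is a small Python scanner that does the identification step described above over constructed sample rows: it finds column values carrying an appended external script tag, strips the tag, and reports the distinct payload hosts. The regex keys on the tag shape rather than any particular host, so it copes with the host part morphing; the article text and domain names are placeholders.

```python
import re

# Constructed sample rows, modelled on the mass-injection pattern the post describes:
# a text column whose value has had a <script src=...></script> tag appended.
# The domains here are placeholders, not indicators from any real campaign.
SAMPLE_ROWS = [
    (1, "Breaking news: council approves new bus lanes"),
    (2, 'Weather update for Wellington<script src="http://example-bad-domain.invalid/b.js"></script>'),
    (3, 'Sports results</div><script src=http://another.example.invalid/ngg.js></script>'),
    (4, "Plain article text with no markup"),
]

# Match an externally sourced script tag regardless of quoting, case, or
# the particular host: the host part of the payload is what morphs, the
# <script src=...></script> shape is what stays constant.
INJECTED_SCRIPT = re.compile(
    r'<script[^>]*\bsrc\s*=\s*["\']?(?P<src>https?://[^"\'\s>]+)["\']?[^>]*>\s*</script\s*>',
    re.IGNORECASE,
)

def find_injected(value):
    """Return the list of script URLs embedded in one column value."""
    return [m.group("src") for m in INJECTED_SCRIPT.finditer(value)]

def clean_value(value):
    """Strip every injected script tag, leaving the original content."""
    return INJECTED_SCRIPT.sub("", value)

def scan_rows(rows):
    """Scan (id, text) rows; return (affected_ids, hosts_seen, cleaned_rows).
    hosts_seen is a sorted list of distinct payload hosts, useful for
    blocking at the web server and for reporting to the hosting provider."""
    affected, hosts, cleaned = [], set(), []
    for row_id, text in rows:
        srcs = find_injected(text)
        if srcs:
            affected.append(row_id)
            hosts.update(re.match(r"https?://([^/]+)", s).group(1) for s in srcs)
            cleaned.append((row_id, clean_value(text)))
    return affected, sorted(hosts), cleaned

if __name__ == "__main__":
    ids, hosts, fixed = scan_rows(SAMPLE_ROWS)
    print(f"{len(ids)} rows affected, payload hosts: {hosts}")
    for row_id, text in fixed:
        print(row_id, repr(text))
```

Run against a real table, the same functions would be applied to every text column in turn, with the cleaned values written back in a transaction only after the vulnerable input path has been fixed.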
Are you a responsible publisher? Or do you believe that protection is the responsibility of your browsers?
Posted in Security | No Comments »
August 6th, 2008
At ProjectX, we’ve been wanting to showcase our abilities in building cool map applications. Here’s a little R&D project that was kicked off as a potential contender for the Mash-up challenge. We’ve built Wellington Trains as a Flash-based “Train Simulation” showing the estimated location of each train in real time. The position of a train is estimated from the train timetable on the Metlink site. The project was inspired by Swiss Trains. We’ve taken it to the next level with properly animated trains, and it runs against the current time. We’re thinking of adding buses to the app in due time. We’ve used Google and Virtual Earth maps in the demo.
It’s fun to watch around 8:30am and 5pm as the number of trains on the network increases.
A big thanks to Metlink for giving us permission to build the demo.
Here are some pictures:
Johnsonville, Hutt and Melling trains on a Google Map.

A couple of trains stopping at the station in Red on a Virtual Earth Aerial map.

A couple of trains stopping at the station in Red on a Virtual Earth Hybridmap.

Here’s a train coming into Ava Station

Posted in ProjectX Technology | No Comments »
August 6th, 2008

Looking for a Snapper vendor to buy or recharge your Snapper card?
We’ve tagged up every Snapper merchant on ZoomIn.
Here’s the list of Snapper merchants:
Wellington City Suburbs
Outer suburbs:
Lower Hutt
Posted in ZoomIn | No Comments »
July 31st, 2008

Last of the Summer of Code bootcamps tonight
On the menu is Introduction to PHP, .NET and Pizza.
Should be fun…
Posted in Summer of Code | No Comments »
July 31st, 2008
Posted in Links | No Comments »
July 22nd, 2008
For the longest time, I’ve been using the concept of “Bus Theory” when talking to our team, i.e. ‘What happens if someone gets run over by a bus?’ It’s supposed to make you think about contingency plans and all that stuff.
Unfortunately on the weekend, one of my friends was hit by a bus while he was putting his young son into his car seat. Thankfully, he has been able to walk away with only multiple fractures in his arm. Thankfully, his young son was completely unharmed.
It’s humbling when you think about the whole thing. It’s a timely reminder that sometimes we take things for granted and that our relationships with our friends and family are what really matters.
Posted in All Posts | No Comments »
July 21st, 2008
I was just testing the new add place functionality on ZoomIn and I added the Hippopotamus Restaurant in Wellington to the site. Google crawled the page and put it in the Google index in only 12 minutes, and it became the top match! A new record for ZoomIn! (Previously the record was just over 30 minutes.)
Posted in ZoomIn | No Comments »
July 21st, 2008
We’ve completely overhauled the add place process on ZoomIn. Now, adding a place to ZoomIn is as simple as 1, 2, 3.
1. Drag the Add place marker onto the map
Position the marker where X marks the spot. You can adjust the position by dragging the marker to the correct location.


2. Refine your address using the drop down box
We automagically figure out the closest address based on your location. All you have to do is refine the address in the dropdown menu to match your desired location.

3. Add your place content
You can add the name of the place / business, a description and tags.

And you’re done!
Posted in zoomin_nz_motd | 1 Comment »
July 14th, 2008

I’m giving a talk on “How to have a kick-ass ICT career” at Victoria University tomorrow.
How to have a kick-ass ICT career
Tuesday 15th July 2008 – MYLT 101 13:10 – 14:00
Summary:
Getting a job can be tough. In the first of the career seminars, John Clegg will provide some information on how to get a great ICT job and kick start your career. John will tell you what the hottest companies like Trade Me, Sidhe, Weta and a host of start-ups are actually looking for in a new graduate. He’ll also offer advice on how to get a job, where to look, who can help you and some tips on how to impress.
Should be interesting; I’m trying to graduate my presentation style to Presentation Zen style. (Looking for good images is time consuming!)
Posted in Summer of Code | 1 Comment »
July 11th, 2008
The Xlinks digest is an interesting collection of links as discovered by the ProjectX team.
Yahoo Boss – an insiders view
Added on 07/11/2008 at 10:12AM
Google Lively
Added on 07/11/2008 at 09:42AM
What good is collective intelligence if it doesn’t make us smarter
Added on 07/11/2008 at 09:39AM
Economics of Software
Added on 07/11/2008 at 09:37AM
37 signals on Pixar’s tight knit culture is its edge
Added on 07/11/2008 at 09:35AM
Scaling on EC2
Added on 07/11/2008 at 09:34AM
Amazon and Google discover erlang
Added on 07/11/2008 at 09:32AM
Live full text search on ruby on rails
Added on 07/11/2008 at 09:30AM
First fullscreen demo of Android
Added on 07/11/2008 at 09:23AM
Why Project Management is important to Start-ups
Added on 07/11/2008 at 07:41AM
Auckland University rolls out gmail to 50k
Added on 07/10/2008 at 08:48AM
Understanding YSlow
Added on 07/10/2008 at 08:46AM
State of the web Summer 2008
Added on 07/09/2008 at 05:09PM
B-Trees – Balanced Search Trees for Slow Storage
Added on 07/08/2008 at 02:08PM
Google Zen Master of the Market
Added on 07/07/2008 at 05:57PM
Easy Development setup with mod_rails
Added on 07/05/2008 at 04:41PM
Sparklines – Theory and practice
Added on 07/05/2008 at 04:20PM
LBS developers wary of iPhone
Added on 07/05/2008 at 04:14PM
Rat proxy test out those security issues in your web app
Added on 07/04/2008 at 09:38AM
Why the Helio didn’t connect
Added on 07/03/2008 at 09:33PM
Posted in Links | No Comments »