Re: Looking for help against Chinese Hacking Team



Few hundred dollars is not going to get you far...

Instead of blowing the cash on pen-testing, and one-size-fits-all
(because vendor told me) security software; how about you get your
systems administrator to audit your web server log files and trace the
vulnerability that way.

Again: Get your awesome systems administrator to look through log
files, to identify which files are vulnerable (something he or she
should have been doing in the first place).

These links may help:
http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx
http://isc.sans.org/diary.html?storyid=4844&rss

Also, this sounds like an SQL worm prorogation, not a targeted attack
which I understood from your email.


Cheers
Serg



On Sat, Dec 13, 2008 at 11:59 AM, harveyfrank <joet@xxxxxxxxxxxxxxx> wrote:

We've been battling the Chinese for several months now and have gone through
several waves of US security experts who have failed to stop them. In their
defense, we are not on an unlimited budget and they've gotten us to a point
where it looks as though somewhere among the site's 400 scripts is a SQL
injection vulnerability.

Automated testing by a few pen test products seems to think we're fine. We
definitely are not.

Is it possible to hire a CEH to find the Chinese-discovered vulnerability
for a few hundred dollars? (We aren't just being cheap, we've blown our wad
on security that hasn't worked.) Would someone with intimate knowledge of
the latest wave of Chinese attacks be required for this job? Besides our
first rate security team that's just been beat, I've tried the $200 pen test
folks and they have all failed. Microsoft security help has also failed.

Advice (Besides porting to Linux)? Help?
--
View this message in context: http://www.nabble.com/Looking-for-help-against-Chinese-Hacking-Team-tp20986210p20986210.html
Sent from the Penetration Testing mailing list archive at Nabble.com.


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------



Relevant Pages

  • SecurityFocus Microsoft Newsletter #165
    ... Tenable Security ... distribute, manage, and communicate vulnerability and intrusion detection ... Microsoft Internet Explorer MHTML Forced File Execution Vuln... ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #174
    ... This issue sponsored by: Tenable Network Security ... the worlds only 100% passive vulnerability ... MICROSOFT VULNERABILITY SUMMARY ... Novell Netware Enterprise Web Server Multiple Vulnerabilitie... ...
    (Focus-Microsoft)
  • [NT] Cumulative Security Update for Internet Explorer (MS04-038)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... CSS Heap Memory Corruption Vulnerability, ... Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 ...
    (Securiteam)
  • SecurityFocus Microsoft Newsletter #171
    ... Better Management for Network Security ... GoodTech Telnet Server Remote Denial Of Service Vulnerabilit... ... ASPApp PortalAPP Remote User Database Access Vulnerability ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #160
    ... MICROSOFT VULNERABILITY SUMMARY ... Geeklog Forgot Password SQL Injection Vulnerability ... Atrium Software Mercur Mailserver IMAP AUTH Remote Buffer Ov... ... Sun Java Virtual Machine Slash Path Security Model Circumven... ...
    (Focus-Microsoft)