Popular Travel Site Advises Members on Security Breach 

by iClass - Friday, March 25, 2011
Recently, popular travel site, TripAdvisor.com reported a security breach, which led to the disclosure of unspecified number of customer e-mail addresses. The company has notified the customers regarding the security breach through e-mail and the information regarding the breach has also been posted on the website. The site has around 20 million members. Information security professionals of the organization are investigating the incident. The company has also notified the concerned counter crime agencies. The site offers travel and hotel reviews and advice for vacations. While attackers are alleged to have gain access to a list of e-mail addresses, the company has assured that no passwords or financial information has been revealed.

SQL injection is one of the common techniques used to attack websites. Attackers exploit programming errors and lack of proper input validation on websites by modifying text strings, inserting special characters and creating erroneous entries. On successful execution, attackers may gain unauthorized access to privileged databases. Attackers can extract data, alter or delete information contained in the databases. In-depth security evaluation of websites at regular intervals by professionals qualified in programs such as masters of security science, penetration testing and secured programming would help in timely identification and remediation of security flaws and errors.

Proper input validation, use of parameterized queries and allowing only those SQL statements, which are used by the application, would minimize the possibility of SQL injection attacks. IT professionals could be encouraged to undertake training programs, refresher courses, online university degree courses, seminars and webinars to update their technical skills and know-how.

The extracted data could be used to send spam e-mails, launch phishing attacks and deliver malware-ridden attachments. Cybercriminals try to extract additional personal and financial information by sending specially crafted e-mails to the targeted user. The e-mails appear to come from a legitimate bank or online shopping site enticing users to enter sensitive information such as username, password and credit card details. Attackers may also use brute force attacks to gain unauthorized access to customer e-mail accounts. They may attempt to login with commonly used passwords. Attackers take advantage of the practice by many users of using common passwords for multiple accounts. Once an account is compromised, they may try to gain access to social media and other e-mail accounts of the user. Advertisements, video tutorials, online degree and e-learning programs could be used to educate users on online threats and safe computing practices.

Users must not click on suspicious links and attachments, use unpredictable, strong and separate passwords for multiple accounts. They must avoid accessing sites with suspicious web addresses. Internet users must refrain from providing information such as credit card and debit card numbers, username and passwords in response to any e-mails seeking such information. Spam and phishing e-mails may contain spelling mistakes and have altered Unique Resource Locator (URL) addresses. Users must verify the authenticity of suspicious e-mails appearing to come from a legitimate company, by directly contacting the company through trusted contact channels. Regular adherence to security advisories and software updates may also help in preventing intrusions and unauthorized access to computer systems.

Contact Press

EC-Council
Website:
http://www.eccouncil.org
Email: iclass@eccouncil.org
Tel: 505-341-3228


EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

-

0    submitted by iClass -
Read More Press Releases

Thanks to robots, company registration in Singapore has become cheaper

Koincable Introduces Four Customizable HDMI Cables

SKS Ispat& Power Ltd commissions first 300-MW power unit of their 1,200-MW RaigarhPower Plant

How a Bodybuilding Diet Can Help Build Muscle Naturally

Low Carb Diet Report Casts Light On New Research Findings

Increase in the number of student visa is trending nowadays

Wiwigo Technologies: First of its kind selfie campaign takes place in moving Delhi-Chandigarh Shatabdi

An important day in real estate sector

Leonard Kim to Appear on Critical Mass Radio Show

Nishan Kohli's recent exhibition on photography

Get press releases by email