European Space Agency Suffers Security Breach, Confidential Information Disclosed
by iClass - Tuesday, April 19, 2011
The affected FTP servers are used by researchers affiliated to partner organizations for exchanging information. Information security professionals are investigating the incident and the affected FTP servers have been taken offline. The attacker has identified himself as TinKode. TinKode was in the news for intruding into the website of British Royal Navy, MySQL.com. He was also behind attacks on some of National Aeronautical Space Administration's (NASA) websites, the U.S Army, Reuters and Kaspersky Portugal among others. The attack took place on the anniversary of Apollo 13 crew's safe return to earth following a failed moon mission. TinKode revealed details of 13 FTP accounts to match the number of the mission. TinKode has also provided a brief description of ESA on his blog site.
Leakage of user credentials may provide attacker with access to privileged user accounts, which may contain strategic information. Revelation of such sensitive information may pose threat to national security. Attackers may also modify and delete information contained in the databases. Websites must be regularly tested for vulnerabilities and security lapses. Professionals qualified in IT degree programs, secured programming and penetration testing may help organizations in timely detection and mitigation of security weaknesses.
Attackers constantly scan and exploit vulnerabilities through sophisticated techniques. Websites are susceptible to SQL injection, cross-site scripting and distributed denial-of-service (DDoS) attacks. IT professionals must keep themselves abreast of latest developments in website security, modus operandi of attackers and threat prevention mechanisms through training sessions and online IT degree programs.
Users must avoid common passwords on multiple websites as attackers having access to password for one account may easily gain access to other accounts of the user. Passwords must be unique and must not contain personally identifiable information. Online IT courses, e-tutorials and adherence to security alerts may help users in understanding security threats and safe online computing practices.
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.
Read More Press Releases
Get press releases by email