European Space Agency Suffers Security Breach, Confidential Information Disclosed 

by iClass - Tuesday, April 19, 2011
In the recent times, data breach incidents have become a common occurrence. In yet another data breach incident, an attacker successfully intruded into some of the FTP servers of the European Space Agency (ESA). The attacker was successful in extracting sensitive information and has allegedly published around 200 usernames and passwords on his blog site. The attacker has revealed information related to main server, root, database, admin, editor and FTP accounts. Some of the usernames, e-mail addresses and passwords are easily readable on the blog page of the attacker. The attacker has not revealed the method used to breach security and gain unauthorized access to the affected databases.

The affected FTP servers are used by researchers affiliated to partner organizations for exchanging information. Information security professionals are investigating the incident and the affected FTP servers have been taken offline. The attacker has identified himself as TinKode. TinKode was in the news for intruding into the website of British Royal Navy, MySQL.com. He was also behind attacks on some of National Aeronautical Space Administration's (NASA) websites, the U.S Army, Reuters and Kaspersky Portugal among others. The attack took place on the anniversary of Apollo 13 crew's safe return to earth following a failed moon mission. TinKode revealed details of 13 FTP accounts to match the number of the mission. TinKode has also provided a brief description of ESA on his blog site.

Leakage of user credentials may provide attacker with access to privileged user accounts, which may contain strategic information. Revelation of such sensitive information may pose threat to national security. Attackers may also modify and delete information contained in the databases. Websites must be regularly tested for vulnerabilities and security lapses. Professionals qualified in IT degree programs, secured programming and penetration testing may help organizations in timely detection and mitigation of security weaknesses.

Attackers constantly scan and exploit vulnerabilities through sophisticated techniques. Websites are susceptible to SQL injection, cross-site scripting and distributed denial-of-service (DDoS) attacks. IT professionals must keep themselves abreast of latest developments in website security, modus operandi of attackers and threat prevention mechanisms through training sessions and online IT degree programs.

Users must avoid common passwords on multiple websites as attackers having access to password for one account may easily gain access to other accounts of the user. Passwords must be unique and must not contain personally identifiable information. Online IT courses, e-tutorials and adherence to security alerts may help users in understanding security threats and safe online computing practices.

Contact Press
EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

-

0    submitted by iClass -
Read More Press Releases

Fontan Operation Website Comes of Age

‘The Unsafe Future of Safe Drinking Water’—High Alarming Threats Concerning The Complex Water Toxicities Of Under-ground Water Reserves—UN-Water Decade Observance 2014.

Dangote, Zenith Bank, Quits Aviation to Invest in Kenya

High Risk Alarm for Under-ground Water Toxicification in ASIA & AFRICA Regions On The UN’s World Water Day Observance.

Learn Quran, Tajweed and Arabic with NATIVE FEMALE Qualified and experienced Teacher

Removed

Restaurant Laperouse partners with Designer TIFFANY BROWN for 2015 Winter Collection

HINT Water and Pretzel Crisps® Partners with Designer TIFFANY BROWN for 2015 Winter Collection Fashion Show

Pay Rs 170 crore for an uber-posh address

Pressure on farmland

Get press releases by email