Posts

Showing posts from October, 2011

Simple SQL Injection

A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. There are two complementary and successful methods of mitigating SQL injection attacks: parameterized queries using bound, typed parameters, and careful use of parameterized stored procedures. Parameterized queries are the easiest to adopt, and work in fairly similar ways among most web technologies in use today, including Java, .NET, Perl, PHP and ColdFusion. The above video demonstrates a successful SQL injection attack using sqlmap. sqlmap is an open source penetration testing tool that automates the process of detecting a...

Another Facebook Attack

You may be a champ at Mafia Wars and Farmville, but what do you know about the security risks of social media sites? "Risk awareness is where it all starts! For example, think about when you first created your login with your bank or email. Common security questions are what town did you grow up in, what street, mother's maiden name, your high school, favorite teacher etc... How much of that information is on your social media sites? Now how many friends / relatives have talked about new banking fees etc... and you offer up your two cents with "I've been using ABC Bank forever". With a little digging it's not too hard to get your information as well as your friends and family. In most cases just cloning your page is enough to get your friends to accept a friend request from a cloned account and then in turn give up all the info needed to attack them, their friends and family. How common are scams and hacks on social networks? In 2009, Facebook officials anno...

Social Engineering and Online Hacking

I hear it far too often, complete with that infernal cry of pain: "My Facebook (put whatever page you log into here) got hacked". It may be your favorite social media site, your bank or credit card login screen. You got there by clicking a link that someone sent to your email, or on that new cool site you found that lets you download free music. You reached that all too familiar screen that looks just like it always does, you log in and blip, your login didn't work, try again; however, you just gave up your login credentials without even realizing it. How did my Facebook get hacked? Step One: Hacker will clone your favorite login page: (No special tools needed, open up your favorite page in IE and go to file, click save page and voilà, you have it.) Step Two: Hacker sets up the page on his or her server, complete with a database back-end to collect results and a phony sub-domain to make it look even better ( http://facebook.freeserver.com ) Step Three: Hacker will ...

Public WiFi Not as Free as You Think!

We all love the convenience of WiFi to stay connected anywhere our laptops, tablets, and smart phones take us. We connect at airports, coffee shops, libraries, restaurants, and the slew of other available access points. Taking a look at http://www.wififreespot.com gives thousands of locations to connect for free across the country. To bring up an old quote, "You get what you pay for." When accessing a public WiFi system it is important to understand any security issues. Specifically, a public WiFi system is often free and therefore is cheaply provided, and public WiFi security is minimal. Therefore, it is safe to assume that any safety measures are nonexistent. Subsequently, when the consumer uses the public WiFi site, their personal and confidential information transmitted over the Internet may be at risk of being stolen. You never know what might be lurking out there. The bad guys have all kinds of tools at their disposal, and all of them are used to find inform...

Computer Virus giving you the BLUES? Some tips might help.

Caught A Virus? If you've let your guard down--or even if you haven't--it can be hard to tell if your PC is infected. Here's what to do if you suspect the worst. Heard this one before? You must run antivirus software and keep it up to date or else your PC will get infected, you'll lose all your data, and you'll incur the wrath of every e-mail buddy you unknowingly infect because of your carelessness. You know they're right. Yet for one reason or another, you're not running antivirus software, or you are but it's not up to date. Maybe you turned off your virus scanner because it conflicted with another program. Maybe you got tired of upgrading after you bought Norton Antivirus 2007, 2008, and 2009. Or maybe your annual subscription of virus definitions recently expired, and you've put off renewing. It happens. It's nothing to be ashamed of. But chances are, either you're infected right now, as we speak, or you will be very soon. Fo...

If you are not yet PCI compliant get there now.

If you are a Payment Card Merchant and are not yet PCI DSS compliant, take notice. It could end up being one of the biggest costs in penalties your company could incur. High-status cases concerning big corporations have hit the headlines in the last couple of years. The Payment Card Industry has threatened huge fines against some larger merchants of up to $25,000 per month until compliance is obtained. In the high-profile case of TJX (owner of T.J. Maxx, Marshalls, Home Goods and A.J. Wright retail chains), the company reported spending $202 million because of the PCI violation that compromised the card-holder account information of as many as 40 million customers. The money is being spent to handle more than 20 lawsuits brought against it by banks and consumers in the U.S. and Canada and to pay settlements with credit-card associations. I don't see how the smaller business owner can gamble with the penalties for non-compliance. If you are one of these businesses and are not yet com...

My OS, IDE, and Tools of the Trade

Working as an Application Security Analyst as well as being a custom Application Developer requires a unique set up for me. So starting with the OS, most of my security tools are Linux based or for me seem to run better on a Linux OS (Nessus, Nmap, Nikto, John The Ripper, Hydra), so BackTrack is my Operating System of Choice. I do have a Virtual Windows Machine for the occasions where I may need a Microsoft program such as Brutus or Adobe's CS5 but find myself rarely cranking it up. On that note, being a Flex developer, Adobe deciding to no longer support Flex / Flash Builder on Linux was a big downside. Also of note is deciding on a way to connect to Microsoft SQL servers during development. With BackTrack covering most of my Security tools, I threw in my favorite browser Chrome, as well as the OpenOffice suite and xPDF to cover reporting and opening Microsoft Office files, and I added the Sun Java install. For Java, PHP, ColdFusion, and Flex Development start with XAMPP ...

5 Tips for Social Media Marketing

Facebook, Twitter, LinkedIn, MySpace, and the list goes on and on. SEOmoz has a list of the top 25 social media marketing sites at http://www.seomoz.org/article/social-media-marketing-tactics . In 2009, the population of Facebook surpassed that of the U.S.A. In just over two years, it is now double the population of the US. If Facebook were a nation, they would be the 3rd largest in the world. The impact of this on marketing through Social Media management is staggering. Big corporations are quickly catching on to the power of Social Media Marketing, which includes Twitter marketing. For the first time, in 2010, ending a 23 year run, Pepsi Cola pulled out of advertising in the Super Bowl, ditching it for Social Media. The phenomenal growth of Social Media (texting, blogging, networking) has the attention of every major company. Social Media Management has become an essential component in today’s business. So how do you leverage the power of Social Media for your company? The Days...

How does PCI-DSS Compliance affect your on-line efforts?

Pre-Internet, when you thought of a store being robbed you pictured the masked bandit with a gun standing in front of the cashier demanding the drawer, or maybe a more optimistic view of a shoplifter, or a shady employee dropping merchandise out the back door. My, how times have changed. Enter today's modern Cyber-Thieves: they operate in stealth from behind the anonymous veil of their computer screen. No longer the masked bandit with a gun and a bad upbringing, now it could be a bored teen with a new hacking script, a grandmother who learned a trick from the kids to get a discount in a form order, the 35-year-old laid-off white collar developer that found out he could sell credit-card numbers or even just sales leads with his IRC account; add to them the countless number of other Cyber-Thief profiles. They attack small to big companies, municipalities, churches, etc... looking for any identity information, Credit-Card information, as well as other relative information that may get t...