
ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Week 11: SQL Injection

Web App attacks up 69%, US main source of cyber attacks

November 10, 2017 by Donald Hoxhaj

https://www.scmagazineuk.com/web-app-attacks-up-69-us-main-source-of-cyber-attacks/article/710175/

This article talks about the following: The rate of web application attacks has grown substantially over the last few years. Akamai's Q3 State of the Internet Security Report says that Web App attacks have grown 69% compared to the previous quarter. SQL Injection attacks have grown 62% compared to the previous year. Statistics say that the US stands at the top of the list as the main source of cyber-attacks and that SQL injection attacks rank in the top vulnerability category.

It will be interesting to see how things unfold in the future. SQL Injection attacks have been a common phenomenon. Despite firewalls preventing connections to the database, these attacks have taken the brute force way. How can companies strengthen their internal databases to prevent cyber-attacks? How can regulations be imposed on internet use, especially in the US, so that the rate of attacks goes down further?

US Identifies 6 Russian Government Officials Involved In DNC Hack

November 7, 2017 by Younes Khantouri

This week, I found this interesting article that I thought I should share with you. A summary is included as well.

Enough evidence to charge six Russian government officials was gathered by the United States Department of Justice for playing a role in hacking DNC systems and leaking information during the 2016 presidential race. Earlier this year, US intelligence agencies concluded that the Russian government was behind hacking and exposing the Democratic National Committee (DNC) emails to exert influence in Donald Trump's favor. The US authorities believe that another dozen unnamed Russians could be charged with participation in the DNC attack as well. However, both Putin and Russian government officials have denied the allegations.

This incident happened one year ago when thousands of DNC emails were stolen from the DNC computer system. These emails included those of Hillary Clinton campaign manager John Podesta. They appeared on the WikiLeaks website.

U.S. federal agents and prosecutors in Washington, Pittsburgh, Philadelphia and San Francisco have been cooperating with the DNC investigation. However, none of them has revealed the actual identity of the six suspects.

However, even after getting charged, the Russian officials or hackers will hardly be prosecuted in the United States until they enter US soil because the country has no extradition agreement with Russia.

https://thehackernews.com/2017/11/dnc-email-russian-hackers.html

Two New Curves Added to NIST SP 800-131A Rev. 1

November 7, 2017 by Fraser G

https://csrc.nist.gov/News/2017/Transition-Plans-for-Key-Establishment-Schemes

Curve25519 and Curve448 will be added to the NIST SP 800 this year as new curve schemas for elliptical curve encryption.

Curve25519 is an elliptic curve Diffie–Hellman and uses the equation: $y^2 = x^3 + 486662x^2 + x$. You can read more about the curve here.

I found this was a really interesting example of the theoretical stuff we have been reading about in actual use / public domain. I had no idea different curves had Wikipedia pages and public discussion.

Here is a reference for some of the things that use Curve 25519: https://ianix.com/pub/curve25519-deployment.html
