Web Threats Weekly

Week of November 10

Cyber criminals threaten businesses, non-profit organizations, governments, blogs and web 2.0 sites. Web Threats Weekly helps alert organizations and individuals to known web vulnerabilities so that they can get help if required and take steps to fix the issues.

Web Threats Weekly includes Hacker Bait, a weekly snapshot of the latest websites found to have vulnerabilities that may have been exploited by hackers.

If you see your organization’s name on the Hacker Bait list and want to know why it is there, or have questions about how to make your organization more secure against hackers, please contact Boonbox for more information.

Spam-Alot is a list of websites exploited by spammers.

Mythbusters tips help your organization understand the real facts you need to know about the changing security landscape.

Email us at info@boonbox.net or call 1-877-744-7558.

In this issue:

Mythbusters Tip #1

Hacker Bait

Spam-Alot

Web Threats Weekly provides information for those interested in web security and stopping cyber crime, distributed by:

Pacific Coast Information Systems

Boonbox

Hacker Bait

The websites listed below have recently been found to have vulnerabilities that hackers and cyber criminals could exploit. Keep in mind that this is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days.

These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry.

Industry experts suggest that another site gets hacked every five seconds. Sites that have been hacked can infect computer systems through web browsing.

If you would like more information on our data and why these sites are listed here, please contact Boonbox

webs.com

canada.com

ubc.ca

uwaterloo.ca

ualberta.ca

uleth.ca

blogs.nasa.gov

www.ncbi.nlm.nih.gov

www.dsdni.gov.uk

mars1.jpl.nasa.gov

www.poland.gov.pl

www.polska.gov.pl

www.ptac.gov.lv

www.usaasc.info

www.cbs.com

www.cpms.osd.mil

mrib.usgs.gov

personalloans.bankofamerica.com

www.childstats.gov

search.ocrwm.doe.gov

www.glin.gov

druginfo.nlm.nih.gov

hpd.nlm.nih.gov

hazmap.nlm.nih.gov

www.eucom.mil

dtirp.dtra.mil

www.technologyreview.com

www.games.net

www.bravenet.com

www.usmint.gov

www.cubase.com

www.menshealth.com

www.foxfaith.com

www.ducati.com

www.rogers.com

search.sun.com

www.hellobc.com

www.reuters.com

www.hsbc.com.tr

www.hbeu1.hsbc.com

Mythbusters Tip #1

“I outsource web hosting, so I don’t need to worry about web security.”

Outsourcing hosting simply doesn’t translate into outsourcing liability in the event of a security breach. If hackers manage to access private information of your customers or website visitors through your web application, the legal liability falls on you. The hosting company is not responsible for web security, unless explicitly stated in the contract… which rarely happens.

Spam-Alot

Spammers are linking to blogs, profiles and other pages on these trusted sites to give victims a false sense of security that the links can be followed safely. These sites may not have been hacked, but following the spam links to these sites and clicking on links shown there can result in harm to your computer.

If you would like more information on our data and why these sites are listed here, please contact Boonbox

My.NBC.com

clubplanet.com

planetphotoshop.com

www.nola.com

www.rc411.com

gearsforums.epicgames.com

- (Discovered by Boonbox Oct.20-Nov.10)

Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup.

PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.