ALL >> Computers >> View Article
Open-source Ftp Application Compromised. Information Security Experts Analyze The Vulnerability
Over the recent years, IT security has become the buzz word. The rising threat profile in the cyberspace has made it inevitable for software developers and vendors of security products to place greater emphasis on security. Hackers are waiting to explore all forms of vulnerabilities. The recent acquisition of security solutions firm - McAfee by Intel indicates the imminent challenges involved for software developers.
Of late, Websites have been one of the prime targets for hacking attacks. Breach of a webpage, may result in unauthorized access to the associated databases. Therefore, it is important to have secured underlying server software. Recently, information security professionals reported breach of ProFTPD, File Transfer Protocol (FTP) server software. Hackers exploited an existing unpatched weakness in the FTP application to gain access to the ProFTPD's main distribution server. On gaining access to the main server, the intruders inserted a backdoor in place of the source files. The attack affects the ...
... latest version 1.3.3c and associated mirror servers. The source code of ProFTPD is free available and can be altered by anyone with malicious intentions. Usually, organizations use ethical hacking to identify the weaknesses for taking corrective measures. In this case, unknown hackers exploited an unpatched vulnerability on the affected system.
Incidentally, the intrusion follows a recent attack on another free software repository by hackers. ProFTPD is used by websites of many organizations including Harvard Law School, abebooks.com, SourceForge, Frontier Internet, Daresbury Laboratory and Linksys among others. Information Security researchers behind ProFTPD project have warned clients, who have downloaded the recent version of the software to check for security compromises. The backdoors allows attackers to gain remote access to the root access of the compromised system. However, the researchers have confirmed that source code embedded in the CVS, which examines the alterations in files, remains unaffected.
Users who have downloaded the compromised ProFTPD version may protect their systems from further compromise by installing an unaffected version of the software. The ProFTPD website lists the PGP signatures to enable sites driven by ProFTPD software to verify whether the source files installed by them are compromised.
Contact Press
EC-Council
iclass@eccouncil.org
Add Comment
Computers Articles
1. What Identity Governance Really Means In Modern EnterprisesAuthor: Mansoor Alam
2. Strategies For Successful Site Selection In Clinical Trials
Author: Giselle Bates
3. Simplifying Business Purchases With Smart, Reliable Procurement Solutions
Author: suma
4. How Businesses In Dubai Are Scaling Faster With Modern Erp Software
Author: Al murooj solutions
5. How To Choose The Right Weapon Tracking System: 7 Must-have Features
Author: 3PL Insights
6. Power Bi Tutorial For Beginners: Learn Business Intelligence Step By Step
Author: Tech Point
7. Spark Matrix™: Data Governance Solutions
Author: Umangp
8. How Prediction Market Software Development Is Transforming Data-driven Decision Making
Author: david
9. Naming Development & Management
Author: brainbell10
10. Mysql Database Development & Management Services
Author: brainbell10
11. Mongodb Development & Management
Author: brainbell10
12. Spark Matrix™: Conversational Automation
Author: Umangp
13. How Care Home Software Helps Improve Daily Operations In Care Homes
Author: Centrim Life UK
14. Pc & Tech Stores: Latest Trends In Hardware And Accessories
Author: Jack Williams
15. The Infozed Blueprint: Powering The Modern Workspace
Author: suma