Beaverton -- November 18, 2004 - netVigilance Inc. an authorized distributor of SecureScout™., a leading supplier of advanced Network Vulnerability Assessment and Management software for corporations released a security advisory for multiple vulnerabilities discovered in phpMyAdmin; an administration tool for SQL databases over the internet.

The SecureScout™ security operations center uncovered multiple vulnerabilities in the current stable version of phpMyAdmin that allow attackers to conduct Cross-Site Scripting (XSS) attacks on SQL servers.

XSS attacks almost always focus upon sites which use a session ID stored in a cookie to keep track of a users state, (i.e.: username and password.) The end goal of someone launching a malicious attack such as this; is to steal the cookie of a user of the site, so that they can later impersonate a legitimate user.

This form of attack typically occurs when a user logs in and clicks upon a bogus link, (or moves over it depending on the code), they are redirected to a different site which steals their login credentials.

Cedric Cochin; Director of Product Integration at netVigilance, was quoted as saying "These types of attacks are becoming more and more prevalent. They are used in 'Phishing' scams to perpetrate identity theft, unauthorized purchasing, theft of services, etc. All financial institutions, large service providers and ecommerce storefronts are big targets for these types of attacks and should be concerned." He went on to say "They are also very difficult to trace back to the hacker, since the trail is so cold by the time the attack or theft gets detected."

SecureScout™ from netVigilance, works proactively by uncovering network vulnerabilities and providing detailed remediation steps to secure the network before an attack can occur.

Mr. Cochin also stated "The ROI in deploying a state-of-the art vulnerability assessment solution is massive compared to the cost of recovering from a malicious cyber attack. Litigation expenses, damage control, loss of business and customer defection are just some of the costs of not having your network adequately protected."

The Department of Homeland Security; US-CERT http://www.us-cert.gov/federal/statistics/ - shows that malicious code attacks on corporate networks has increased to 880,167 incidents for the first 6 months of 2004 from 191,306 for the entire year of 2003.

About NexantiS:

Founded in 2001, NexantiS Corporation is the security IT arm of DNP (Dai Nippon Printing Co., Ltd.), the 35,000-employee multimedia Japanese group. As the largest printing group worldwide, DNP has many activities in commercial printing, electronic publishing, web contents, security printing, and owns the largest market share in Japan for smart cards. In that framework, NexantiS goals are to deliver leading-edge security solutions for the enterprise, along three main axes:

1. Vulnerability assessment tools: SecureScout™
2. Solutions for identity management, access control, and single sign-on
3. Smart Cards, Reader / Writers, and related.

NexantiS has been distributing SecureScout™ as its strategic vulnerability assessment product since 2000. Through a comprehensive Value Added Partner Program, SecureScout™ and other NexantiS solutions are made available in Asia, Europe, and Americas.

For more information, please visit our homepages:

• http://www.securescout.com/ (English)
• http://www.nexantis.us/ (English)
• http://www.nexantis.co.jp/ (Japanese)

or mail to info at nexantis dot net

About netVigilance:

Founded in 2003, netVigilance delivers best-in-class solutions for protection of corporate networks. With its SecureScout™ line of vulnerability assessment tools; netVigilance will ensure increased profitability, increased operational efficiencies, higher productivity and decreased downtime by increasing the efficiency of network security operations.

The SecureScout™ Security Operations engineers continually uncover vulnerabilities in 3rd party operating systems, equipment, applications and services.

SecureScout™ engineers develop and deploy vulnerability test cases, security alerts, remediation procedures and expert opinion to over 2,000 customers and clients worldwide.

For information contact:

Jesper Jurcenoks
netVigilance Public Relations
17937 SW McEwan Road
Suite 250
Portland, Oregon 97224
+1 503 524 5758

jesper dot jurcenoks at netvigilance dot com

SecureScout™ is the name of the suite of NexantiS security products for Vulnerability Assessment and Management. SecureScout™ is a trademark of NexantiS Corporation. netVigilance, Inc. is a partner of NexantiS and an authorized distributor of SecureScout.

CLICK HERE to download a .PDF version of this document
 

You must have the Adobe Acrobat reader installed on your browser to download .PDF files. Click on the Adobe icon to download the latest version of the Adobe Acrobat reader.