What is TrustedSource? | Create Account | Login 
Secure Computing Corporation
 
Home  Threats and Trends  TrustedSource™ Blog
TrustedSource™ Query
Enter IP address, domain name or URL to check reputation/traffic patterns:
Search
 


Latest Malware Threats
 RSS Feed
Trojan.BHO.QW2008-11-20
Trojan.Dldr.Agent.amzp2008-11-20
Trojan.PSW.Nilage.bvl.12008-11-19
Trojan.PSW.Online.cfd2008-11-19
Win32.Chir.B2008-11-13
Trojan.Agent.ahze2008-11-12
View Malware Library
 

TrustedSource™ Blog

Web Server Security: How a Typo Led to a Massive Sell-Off

September 15th, 2008

The Financial Times reported last week that a major sell-off of United Airlines was triggered by an old link on the front page of the Chicago Tribune. The link was pointed to an article about United going bankrupt; there was just one problem - the article was from 2002. Google News picked up the link and began publishing it with the current timestamp, which propagated the story further. A financial reporter came across the story on Google News and did a write-up of United which scrolled into the Bloomberg news ticker. Within a few hours, trading on the stock had been suspended after reaching a low of $3. During the trading period, nearly 15 million shares were exchanged. Large businesses lost millions of dollars as the result of a single erroneous link.
This story does have a moral. We live in a world that is mostly automated by computer systems. Not only is much of the news we read aggregated for us by computers, but all of our major trading platforms are now automated to place buy and sell orders based on stock prices and percentages. When events like this occur, the volatility it can create can cost millions of dollars. But much of this has already been said in the days following the stock’s crash.
What hasn’t been emphasized is the importance of web security and what lessons we can learn from this story. In the Chicago Tribune’s case, the error was local, however the possible threat of a stock spammer exploiting this technique to hype or short sell a stock should be even more so now evident of the importance in keeping our web servers secure. Many new SQL injection attacks have successfully rewritten the local pages on their victims’ web servers, allowing a malicious party to change the content sent out by the web server to their liking - a fusion of phishing and malware of the worst kind.
Consider the importance of your website’s reputation in the security design you plan for your servers. If your company’s good name can be used to manipulate stock sales or make other such decisions, consider that the malicious parties out there know this too, and are working to break into your systems.

Back to TrustedSource™ Blog overview

Secure Computing Corporate Homepage | Contact | Privacy Policy | Disclaimer

Copyright © 2007-2008 Secure Computing Corporation. All Rights Reserved.

ANY INFORMATION PROVIDED BY SECURE COMPUTING ON THIS BLOG ARE OFFERED "AS IS" WITH NO EXPRESS OR IMPLIED WARRANTIES, CLAIMS, PROMISES OR GUARANTEES ABOUT THE ACCURACY, COMPLETENESS, OR ADEQUACY OF THE INFORMATION CONTAINED IN OR LINKED TO AND NO RIGHTS ARE CONFERRED. BY USING THIS BLOG, YOU ASSUME ALL RISK FOR YOUR USE. IN NO EVENT WILL SECURE COMPUTING BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY, OR OTHER DAMAGES WHETHER OR NOT SECURE COMPUTING HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. SECURE COMPUTING HAS NO OBLIGATION TO POST BLOG SUBMISSIONS OR RESPONSES.