The site was restored Monday morning.

Carlos Portales, political director of the Chilean foreign ministry, said the incident is being investigated.

“It has happened with other Web pages, including some from the United States government, the Vatican,” Portales told reporters.

The Santiago daily El Mercurio on Monday reported that officials believe the hacker was a Peruvian.

While Chile and Peru have generally friendly relations, tension sporadically breaks out over the aftermath of two 19th century wars between the countries and a dispute over maritime boundaries has been developing.

The Web page carried information about activities of President Michelle Bachelet and about the upcoming Ibero American Summit for leaders from throughout Latin America, Spain and Portugal. Portales said the incident does not appear related to the summit.

‘Evil’ Techie genius Robert Moore has recently been jailed in the US after exposing tremendous flaws in tens of telcos IT infrastructures stating it was ‘incredibly easy’ because of basic IT security mistakes.

His global hacking spree was targeted at telcos and corporations aiming to allegedly steal voice over IP services and sell them through a company he was working for.

“It’s so easy. It’s so easy a caveman can do it,” he laughed.

“When you’ve got that many computers at your fingertips, you’d be surprised how many are insecure.”

It has been reported that he stole 10 million minutes of service and re-sold them at discounted rates, netting more than $1 million from the scheme although only receiving $20,000 personally for his efforts.

AT&T reported at the trial that Moore ran 6 million scans on its network alone, aliases have been used for the other companies that were successfully targeted in an attempt to sure up confidence in their services.

One small telco went out of business because of expenses the company incurred due to the amount of traffic Moore was responsible for diverting through their network.

Moore said what made the hacking job so easy was that 70% of all the companies he scanned were insecure, and 45% to 50% of VoIP providers were insecure.

The biggest insecurity? Default passwords.

“I’d say 85% of them were misconfigured routers. They had the default passwords on them,” said Moore. “You would not believe the number of routers that had [Removed] or [Removed] as passwords on them.

We found the default password for it, and basically we could get in almost every time. Then we’d have all sorts of information, basically the whole database, right at our fingertips.”

Time to do a free security check on all your clients servers?

“It was kind of like a rolling blackout,” Jim Hanacek, spokesman for the California Department of Technology Services, said. “Fortunately we were able to get to it before it completely took down ‘ca.gov.’”

Aaron McLear, spokesman for Gov. Arnold Schwarzenegger, said that the problem began when the website of the Marin County Transportation Authority was compromised by a hacker who redirected some traffic to an erotic website. A county IT representative did not return a call for comment.

The hacker apparently made an adjustment in the domain name system (DNS) server that rerouted certain traffic, Hanacek said.

“That apparently sent a red flag to the federal government,” said McLear. The shutdown process did not get far, and there were no reports of state services being interrupted, he said.

Hanacek’s department checked with critical departments such as the state Highway Patrol, which reported its web and email systems were operating, albeit slowly. The state declared all operations normal by 10:30 p.m. EST on Tuesday.

Hanacek said he was upset the state was not notified that the federal government was planning to take all state sites offline.

“They just made the change unbeknownst to us,” he said. “I think there should have been a notification of a change of that magnitude.”

A GSA spokesperson did not return a call for comment.

Last year saw an aggressive rise in web attacks. According to ScanSafe’s Annual Global Threat Report, spyware increased by 254 per cent in 2006, eclipsing email threats for the first time. The boundaries between spyware, adware and viruses have become blurred and criminals are now targeting multiple internet platforms with more focused, financially-oriented attacks.

For many malware authors, their motives have shifted from a desire to show off their technical prowess or create anarchy, to a greed-driven search for money. In 2006, over 65 per cent of web virus payloads were intended to achieve some direct financial benefit.

Last year also saw web 2.0 increasingly under siege, with hackers targeting social networking sites, chat rooms, popular search engine results and instant messaging.

The sheer scale of these threats has taken many corporate IT departments by surprise, as they grapple with balancing security and liability concerns with the realisation that the web is a mission-critical business communications tool.

The clear message is that businesses can no longer rely solely on traditional IT security solutions on the desktop or corporate network. Anti-virus software, firewalls and intrusion protection systems are valuable shields, but they are not impervious to today’s socially engineered, pernicious web threats.

IT departments are already taking action. Many companies have had help in scanning and filtering email traffic for some years. Now they are looking for help with their web traffic.

According to a recent survey of companies that already buy in managed IT services, 2007 will see a focus on security. The study from the Computing Technology Industry Association found that 33 per cent planned to increase their spending on managed security services. The reasons they gave are the traditional ones – the lack of in-house skills, more cost-effective and it enables them to concentrate on their core competencies.

These findings are backed by another recent report from industry analyst group Frost & Sullivan. It sees the managed security services market in EMEA soaring from $81.7m in 2005 to $603.7m in 2012.

If this suggests that the next five years will be a challenging, but rewarding period for web security-as-a-service providers, it also means plenty of opportunities for channel partners.

IT departments are finding that managed web security services are scaleable, flexible, have a lower total cost of ownership compared to hardware and software solutions and free up valuable network bandwidth. In fact, most customers report a 30-40 per cent saving over on-premise solutions.

For the channel, web security-as-a-service offers quick entry into the lucrative managed services security market. Because it doesn’t require investment – in development, infrastructure or hardware – it also provides a painless way for resellers to add web security to their portfolio of solutions.

Managed services also offer recurring revenue for channel partners, which is especially appealing given the declining margins of premise-based solutions. Hardware and software web security solutions have attained a certain maturity in their lifecycle and saturation in the marketplace. As a result, the margins on hardware and software solutions have steadily declined. This is not the case with web security-as-a-service, a relatively new offering with wide appeal across industry verticals and among SME businesses as well as larger enterprise accounts.

The net result for channel partners is that managed security services help boost gross margins and offer an easier, more cost effective way for customers to conquer web-based threats.

In a presentation entitled ‘Premature Ajaxulation’, SPI Dynamics researchers Billy Hoffman and Bryan Sullivan cataloged a myriad of attacks that are made possible when developers follow advice or use scripts found in otherwise reputable blogs, web sites and manuals.

While there are many ways to mitigate these security risks, the researchers said that as a last resort developers should ‘consider abstinence’ from Ajax.

“Just because all your friends are doing it, it does not mean you are ready for it,” Hoffman said.

The SPI researchers said they have seen Ajax sites that contain rudimentary ‘client-side pricing’ vulnerabilities that were common on the web 10 years ago.

This kind of vulnerability allows a malicious user to name their own price when buying something online, by forging the price field that the browser sends to the web server. In the old days, this meant editing the value of a hidden field in an HTML form.

Now SPI’s researchers have found sites that send this price data using Ajax calls, which can be forged just as easily as HTML forms by those who know what they are doing.

The main problem with Ajax is the J, for JavaScript, the language which handles the client-side logic of the application. While it can be obfuscated somewhat to make it harder for a person to read, it is plain text that can also be read and reverse-engineered by the bad guys.

The researchers showed a series of attacks on a mocked-up airline website, which, far from being a straw man, they said was built purely using guidance and code found in Ajax manuals and websites.

One attack showed the Ajax call for paying for a flight could be turned off, while leaving the call for booking the flight turned on, potentially giving the attacker a free flight. Another attack showed that when one function temporarily reserves a flight and a subsequent function releases that flight, a hacker could turn off the latter function to create a denial-of-service attack in which all flights show up as reserved and none can be purchased by any user.

“Whenever you have a resource allocated in one function and released in another there is the possibility of this kind of DoS attack,” Sullivan said.

Many web application developers do not ‘get’ the fact that what they are basically doing with Ajax sites is exposing a bunch of server APIs for people to play with, the researchers concluded.

An Ajax web page will deliver a JavaScript script that the browser can use to call these APIs correctly and in the right order, but the user is under no obligation to do so.

An additional problem is the tendency for developers to dump all their JavaScript functions in one .js file that is header-linked on all a site’s pages, SPI’s researchers said.

While this is good advice when it comes to code management and convenient client-side caching, it also could expose functions that some users should not see, they said. This would be particularly dangerous if administrator APIs were exposed.

Separately, Danny Allan, director of security research at SPI competitor Watchfire, now part of IBM, told us that about 85% of Ajax apps have vulnerabilities, and that there are several areas of concern when it comes to Ajax security.

One of these is authentication and authorisation. In some cases Ajax apps, because of the increased back-and-forth between browser and web server, do not pass along the user’s cookie, meaning the application’s APIs could be called without the user being identified.

Allan said his number one concern at the moment is an attack called ‘prototype hijacking’, which came to light at a European hackers conference in January this year. The attack sees the bad guy overwriting an application’s XMLHttpRequest method – the piece of code used to create data objects that can be sent and received by the app – so that data is covertly sent to the attacker.

SPI’s Hoffman identified the trend towards Ajax apps that can also work in an offline mode as another great cause for concern, as even more JavaScript is delivered to the client. “Offline apps scare the crap out of me,” he said. “You are going to put that much business logic on the client so you can use it offline?”

Client-side technology such as Google Gears, which comes with an SQL Lite database, opens up the possibility of simplified SQL injection attacks that can be crafted in offline mode, he said.

And with software such as Microsoft’s Silverlight, it can be very difficult to tell, before compiling, which code will end up on the client and which will end up on the server, he said.

The exploit installs a common proxy network bot, known as a flux bot, which is used to hide phishing sites behind constantly changing proxy servers, Ullrich explained. The cybercriminals, in other words, use their newly compromised PCs to hide the tracks of unrelated phishing scams targeting banks and other financial institutions.

“It’s lends some secrecy to the scam and it makes it harder to shut down,” he said. “Now, the actual machine (the victim) is connected to get to the phishing site changes by the minute. You can’t easily block them. It’s not that obvious.”

The botnets are also being used to send spam, Ullrich said.

Potentially thousands of MySpace pages could be infected with the malicious worm, but the infected profiles are “being shut down really quickly,” he said.

A spokesperson for MySpace, which has more than 100 million members, could not be reached for comment.

Ullrich said cyberthieves traditionally tailor their worms for MySpace and other social networking sites because of the younger demographic that use them.

“It has a lot of non-technical users who do not patch their browsers,” he said. “People are not that careful. They may visit MySpace thinking [it’s] a big a company and not realising the content of the pages comes from the average user.”

MySpace has been the victim of a number of attacks over the past year. Vincent Weafer, head of Symantec’s Global Security Response, said MySpace users are often easily duped into giving up their credentials.

“If I can get into your trusted group, I may be able to get information out of you,” he said.

Colin Whittaker of Google’s Anti-Phishing Team wrote on the company’s security blog recently that many users are tricked into giving their usernames and passwords so crooks can send spam from their account or – worse – use that same log-in information to access their bank accounts.

The Prg Trojan, as it has been dubbed by SecureWorks, is a variant of another Trojan called wnspoem that was unearthed in October. Like its predecessor, the Prg Trojan and its variants, are designed to sniff sensitive data from Windows internal memory buffers before the data is encrypted and sent to SSL-protected Web sites. The Trojans are programmed to send the stolen data to multiple servers around the world where it is stored in encrypted fashion and sold to others looking for such information. An analysis of log files on the servers storing the stolen data shows that a lot of the information is coming from corporate PCs, Jackson said.

The variants include a new function that allows them to listen on TCP port 6081 and wait for a remote attacker to connect and issue commands for forwarding data or for rummaging through files on the compromised system, Jackson said. The newer variants are also more configurable and can be programmed to send stolen data to their final destination via a chain of proxy servers. The new Prg variants encrypt stolen data differently than the original version, making older analysis tools obsolete, Jackson said.

What makes the threat from the Prg Trojan especially potent is the availability of a construction tool kit that allows hackers to develop and release new versions of the code faster than antivirus vendors can devise solutions, Jackson said. The toolkit allows hackers to recompile and pack the malicious code in countless subtly different ways so as to evade detection by antivirus engines typically looking for specific signatures to identify and block threats, Jackson said.

The toolkit appears to have been developed by the Russian authors of the original wnspoem Trojan and comes complete with a three-page instruction manual in Russian instructing buyers how to use it. Originally, the kit appears to have been sold to other hacker groups for around $1,000. But more recently it appears to have been posted on an underground site, where others have been downloading and using it, Jackson said.

“The hackers are literally infecting thousands of users with one particular variant and once that version of the Trojan is blocked by antivirus, the hackers simply launch a new one in its place,” Jackson said. One of the groups using the construction kit has been naming their attacks after makes of cars, including Ford, Bugatti and Mercedes, according to a SecureWorks description of the Trojan. The group has been spreading versions of the Trojan by taking advantage of vulnerabilities in the ADODB database wrapper library and other components of Windows and Internet Explorer, according to SecureWorks. That group alone may have snared data from more than 8,000 victims. Data stolen by this group’s Trojan’s are sent to servers based in the U.S and China, according to SecureWorks.

Another group using the toolkit has been naming its attacks using the letter “H” and has sent its variants via spam e-mails to various individuals, SecureWorks said. One recent attack involved an e-mail with a subject line reading “HAPPY FATHER’S DAY.” Data stolen by this group’s Trojans is being sent back to servers in Russia. According to Jackson, many of those servers have separate staging areas on them with multiple versions of Prg Trojan programs that can be released as older versions get detected by antivirus software.

The quickly-forthcoming nature of Apple’s patches has divided opinion among industry watchers, with some praising the company’s quick response to flaws and others criticising the fact they have appeared at all.

According to James Turner, industry analyst at IBRS, the question of security updates is not likely to be one bothering businesses.

“The majority of Safari users are the people who will readily chop and change their browser. They are the technically advanced, the home users, the curious, and the Apple fanatics. So, the bugginess of Safari is more of an inconvenience to the early adopters, rather than a serious issue. Yes, it’s sloppy, but it’s not that important. The stakes will increase dramatically if the iPhone starts getting similar market share to the iPod,” he said.

The second security update fixes a flaw that could allow malware writers to spoof the contents of the browser’s address bar, potentially fooling users into divulging sensitive information such as online bank details and passwords. The issue does not affect Macs running the browser.

The latest version of the Safari beta for Windows includes improved stability and fixes for text display, non-English systems and start-up times. Its Mac equivalent also contains security plugs and boosted stability, as well as better WebKit support for Apple’s Mail, iChat and Dashboard software.

The security element of the Mac Safari patch plugs a hole that could allow cross-scripting attacks to be launched if a user visits a malicious website.