ProCheckUp Newsletter

Click here if you are unable to view this newsletter properly

Welcome to the summer edition 2008 of ProCheckUp's newsletter Security News!

This edition includes ProCheckUp in the press, changes to the PCI User Group and our new vulnerability finds.

Yours sincerely

Charlotte Davies


	Since the last newsletter ProCheckUp's high quality service and thorough penetration testing was recognised in SC magazine. SC featured a piece on Bonhams auction house describing its journey towards PCI compliance and working with ProCheckUp. Read the case study here >> In other news Computer Weekly asked ProCheckUp's Technical Director Richard Brain, to offer his expert opinion on the oyster card debate that has been taken to the courts.
Read this article and other ProCheckUp related news here >>

87% of breaches were avoidable with the correct security measures" 2008 Data Breath Investigations Report

Penetration testing allows you to find potential security breaches before they can be exploited. Finding vulnerabilities in networks allows you to protect your company from malicious sabotage, opportunist attacks and theft of data.

The award-winning ProCheckNet Penetration Testing service combines the methodology of a manual penetration testing team with the functionality of an automated attack system to create the most comprehensive and effective penetration testing service available.

Not only do we provide the most comprehensive testing, due to the reduced need for consultant time we also proivde the most cost effective method of testing. To find out more about how using ProCheckNet technologies can save your company money to go to:

ProCheckUp's Cost Effective Penetration Testing

Since setting up the PCI User group in 2005... ProCheckUp has always hosted the group at its offices, however the increasing interest has meant the decision to expand the group and move to a external venue has been taken. The last few meetings have been held at hotels and the new set up has been working very well with numbers continuing to grow.

The next meeting will be in September; further details on how to join the user group and the dates of future meetings can be found on the website.

PCI DSS User Group >>

Infosec 2008

ProCheckUp took part in this years Infosec Europe event at Olympia. Hosting a medically themed stand for the second year the event was an excellent opportunity for us to meet with new customers and some existing ones. Thanks to all of you who took the time to come and visit us on the stand.

Vulnerabilities

In the last two years ProCheckUp has published more vulnerabilities than any other UK company... The most recent of which is the case of Moodle, a leading product within the academic portals arena, which is used by world-class universities and other academic institutions, is vulnerable to take over of teacher accounts.

The vulnerability would allow the perpetrator to manage the account and even gain access to high-privileged functionalities such as grades tracking (viewing and changing) and retrieval of exams and assignments submitted by other students. ProCheckUp Ltd have found two serious vulnerabilities that allow malicious users to take over accounts. By simply tricking a teacher user to click on a link while being logged onto a Moodle site, his account can be hijacked by a malicious user (i.e. disgruntled student). To find out more about this and other recently discovered vulnerabilities look at

ProCheckUp Vulnerabilities

ProCheckUp Ltd, Syntax House, 44 Russell Square, London WC1B 4JP
Tel: +44 (0) 207 307 5001 Fax +44 (0) 207 307 5044

This email is being sent to {Email_Address?}

You may unsubscribe from future ProCheckUp newsletters at any time