
CIPP Information Privacy & Security News: Group items tagged SQL injection


Karl Wabst

Inside a retail hack - 0 views

  •  
    According to Mandiant's Kevin Mandia, retailers are being compromised by one attack in particular: SQL injection. In this keynote speech from Information Security Decisions 2008, Mandia takes you through a common retail hack and points out the attack tools being used to gain domain credentials and credit card numbers.
Karl Wabst

Inside The Year's Biggest Data Breach - Forbes.com - 0 views

  •  
    The U.S. Department of Justice's indictment of Albert Gonzalez on Monday seems to have all the elements of a Hollywood crime drama: A hacker gains access to millions of credit and debit card numbers and has the power to take down a nation. Too bad for Tinseltown, the attack itself was about as sexy as a pile of routers. According to the indictment, Gonzalez, 28, gained a foothold into the systems of credit card processors such as Heartland Payment Systems and retailers like OfficeMax, Barnes & Noble and TJX Cos. using an amateur hacking technique called "wardriving," which uses wireless access points to find vulnerable networks from which to launch attacks. Once connected to those private networks, Gonzalez used a well-known technique called "SQL injection" to trick Web applications into forking over private information that gave him deeper access into networks. Even though it sounds complicated, techies liken this kind of hack to simply turning the front doorknob to get into a house.
Karl Wabst

More Data Breached In 2008 Than In Previous Four Years Combined -- Security Breaches - 0 views

  •  
    More electronic records were exposed in 2008 than in the previous four years combined and most of those breaches -- nine out of 10 -- could have been easily avoided with basic preventative controls consistently applied. In its 2009 Verizon (NYSE: VZ) Business Data Breach Investigations Report, Verizon Business Security Solutions analyzed 90 confirmed breaches that occurred in 2008, affecting 285 million compromised records. The company's previous data breach report covered from 2004 through 2007, a period that saw 230 million compromised records. About a third of the breaches in Verizon Business' caseload have been publicly disclosed, and additional disclosures are expected before the end of the year. But many breaches will remain unreported because of the absence of any applicable disclosure requirement. Among the report's findings: 91% of all compromised records were linked to organized criminal groups; customized malware attacks doubled; and the most common attack vectors were default credentials and SQL injection. In a statement, Peter Tippett, VP of research and intelligence for Verizon Business Security Solutions, described the report as a wake-up call. Businesses need strong security and a proactive approach, he said, particularly because the economic crisis is likely to spur even greater criminal activity.
Karl Wabst

PBS' Curious George site hacked to serve malware - SC Magazine US - 0 views

  •  
    The website for the popular children's television show "Curious George" was compromised this week to serve malware to visitors, according to researchers at web security vendor Purewire. The site, which is run by the Public Broadcasting Service (PBS), was propagating malware from at least Monday until Thursday, Nidhi Shah, research scientist at Purewire, told SCMagazineUS.com on Friday. It is not clear how hackers were able to break into the site, but it is possible that they obtained the credentials to an FTP account or exploited an SQL injection vulnerability, Shah said.