Tag Archives: security
Is your website hackable? Why you need to worry (Page 1 of 3)
Apocalypse Now
Just because you think your data is safe does not mean your database of sensitive organization information has not already been cloned and is resident elsewhere, ready to be sold to the highest bidder. To make matters worse, it has only recently been discovered that hackers are not simply selling your data; they're also selling the fact that you have vulnerabilities to others, be they hackers, industrial spies or terrorists.
It all sounds apocalyptic, doesn't it? Well, rather than being an angel of doom, I'll let the stats speak for themselves.
TJX Companies Inc.
TJX Companies, owners of T.J. Maxx, Marshalls, Winners, HomeGoods, A.J. Wright, and Bob's Stores, disclosed on the 17th of January this year that 40 million of their customers' credit and debit card details were stolen. In parallel, federal credit union SEFCU published a similar warning that the personal details of 10,000 of its customers were compromised in the hack attack.
Another 60 banks including Citizen Union Savings Bank and Bank of America seem to have customers whose credit and debit cards have been breached in this attack.
Ben Cammarata, Chairman and Acting Chief Executive Officer of TJX Companies, stated that the nature of the hack is not known and two computer security experts are at hand examining the problem. The warning issued by SEFCU sheds greater light and states: "A fraudster may have gained access to card information through one of those entities in the payment network, including the merchant."
SC Magazine reports that hackers used data from the breach to purchase goods in a number of states in the US, in Hong Kong and in Sweden.
A digest of the latest developments follows:
* According to 3WCAX-TV Website, the attack is expected to cost consumers one-point-five million dollars. This article was published before lawsuits started sprouting.
* Brian Fraga, Standard-Times, reports that a class action lawsuit was filed this week in U.S. District Court (Boston) against TJX. The amount of damages sought is undisclosed. According to SC Magazine, yesterday a West Virginia resident filed another lawsuit and is suing TJX for $5 million.
* U.S. Rep. Ed Markey, D-Mass., chairman of the House Subcommittee on Telecommunications and the Internet, has called for the Federal Trade Commission to investigate the hacking, according to a report today in the Boston Globe.
* Today, the Government of Canada stated that it is launching an investigation into TJX and the data breach.
* Of note is that the hacking may have started in May 2006 and the breach was discovered only in December 2006 (and publicized in January 2007).
Universities
University systems are usually highly decentralized, which makes it hard to ensure tight security. One department may have deployed a hardened security infrastructure while others loll in lax measures, making the whole system weak.
Protect your website with your ethical hacking knowledge
The first cause of websites being hacked is their webmasters' lack of knowledge.
Hackers, or even wannabe hackers, can modify your website home page and steal your website's profits and fame just by using ready-to-download exploits published on trusted and untrusted internet security portals.
Whether you have a basic knowledge of web site publishing or you are an experienced webmaster, the only thing that protects you from hackers' attacks is ethical hacking.
Ethical hacking means understanding your enemy's mind, skills, intentions and strength, so that you can take the successful countermeasures that will protect the hard daily work you put into developing a successful and trusted web platform.
Damage to their image causing shareholder and customer complaints, not to mention six-figure money losses, is what led many big corporations to hire dozens of ethical hackers to keep their networks and web sites safe from “bad” hackers.
In this article I am going to focus on the following two questions: What do ethical hackers do? What can I do to protect my website if I am not an ethical hacker?
The first step taken by hackers, whether ethical or evil, is to scan your web application for known vulnerabilities. This can be achieved through a penetration testing process that can be manual or automated by programs and scripts. This is the most important and crucial task in every attack attempt, and it is the one an ethical hacker can’t fail.
The second step is to get a working exploit to take advantage of the vulnerability found in step 1. This is where protection and fixes should take place, to *prevent* the attack and not just to cure after the disaster. Ethical hackers in this case would be able to modify the source code to cover the holes, or just reduce the success rate of the attack dramatically.
I would strongly advise working on the first step, since it is the simplest to master, whether you are not an expert in the security field or you just don’t have enough money to hire an experienced ethical hacker.
Internet security knowledge is what can save your site at a very cheap price. At the most basic level this can be achieved by keeping yourself informed about the well-known vulnerabilities of your website’s scripts, the available patches and security best practices.
Moreover, understanding basic attack vectors like cross-site scripting or SQL injection will keep you safe from a large number of wannabe hackers, whom you will be able to defeat… with your knowledge! So the next time you see some suspicious activity in your website log, you will be laughing at it, since not a dummy tool but your own knowledge as an ethical hacker will be protecting you.
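To show what "suspicious activity in your website log" can look like for the two attack vectors named above, here is an added example (not part of the original article) that triages access-log lines for SQL injection and cross-site scripting probes. It assumes the Apache/nginx "combined" log format; the log lines, the rule set and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Feb/2007:10:01:11 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Feb/2007:10:02:40 +0000] "GET /item.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 734 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Feb/2007:10:02:44 +0000] "GET /item.php?id=1+UNION+SELECT+name,pass+FROM+users HTTP/1.1" 500 0 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Feb/2007:10:05:02 +0000] "GET /search.php?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 901 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2007:10:06:30 +0000] "GET /search.php?q=union+square+hotels HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
"""

# client IP, method, request target, status code
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Illustrative heuristics only; a real rule set needs tuning per application.
RULES = {
    "sqli": re.compile(r"\bunion\b\s+(all\s+)?\bselect\b|'\s*(or|and)\s+'?\w+'?\s*=", re.I),
    "xss": re.compile(r"<\s*script\b|<[^>]+\son\w+\s*=|javascript\s*:", re.I),
}

def fully_decode(target, max_rounds=3):
    """Undo URL encoding repeatedly so double-encoded probes are still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def triage(log_text):
    """Return (ip, rule, status, decoded_target) for every matching request."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, _method, target, status = m.groups()
        decoded = fully_decode(target)
        for rule, pattern in RULES.items():
            if pattern.search(decoded):
                findings.append((ip, rule, int(status), decoded))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The status code is kept in each finding because a 500 answer to an injection probe suggests the input reached the database layer and that script deserves review first. The ordinary search for "union square hotels" is not flagged, since the rule requires SELECT to follow UNION.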