Aug 19

Breaches Cast Critical Eye on Best Practices

By Dave

The attacks that hijacked more than 130 million credit and debit cards were easily preventable. The TJX, Heartland, and Hannaford breaches used some of the most basic of hacker technologies and should never have gone the distance.

The theft of 130 million cards, with damages in the billions, if not the hundreds of billions, of dollars, was caused by SQL injections, sniffers, and backdoor malware. This was not overly complicated code written by world-class hackers; these were moderately difficult techniques that are employed on a constant basis.

Indeed, the Web Hacking Incident Database labels SQL injection as the most commonly exploited flaw in Web applications. Sniffers were deployed to capture credit card data and were used in concert with breaches of the database to collect the necessary information. Backdoor malware was used to transmit the data back to the hackers' servers. Once the initial breach was made, the hackers "installed" the sniffers and the malware to complete the process of collecting card information and sending it back.

What's even more amazing is that the FBI and Secret Service sent out a warning that talked about the various ways hackers will exploit known problems to capture card data. Security experts who looked at these three cases determined that the warning was almost an exact blueprint of each breach.

You may not have access to several million credit cards. Your web site might not be a financial institution. Your web site might have only a modest number of customers and be a relatively minor player in your industry. Regardless of what your site is, you owe it to your customers, readership, and yourself to provide a secure environment. The tools for prevention of SQL injections, XSS, malware distribution and the like are available. Get educated and get secure.

Categories : Security


About Us

WebHostBlog comes from the creators and staff of Web Host Magazine & Buyer's Guide (WebHostMagazine.com). WebHostBlog has been a source for Web hosting information and marketing tips for three years. Along with news and information on the Web hosting industry WebHostBlog.com has covered topics such as business strategy and marketing and continues to be a quality resource for host related subjects.
