Introduction: On April 11th 2011, at nine in the evening, Barracuda Networks posted a grim entry on their blog. Their network had been hacked. Thousands of their confidential customer and employee records were stolen. In an ironic twist of fate, the company that advocates security…
Low-Hanging Fruit Becomes Big News with the 2011 Verizon Data Breach Report
The 2011 Verizon Data Breach Investigations Report is out. Yeah, yeah, yeah – yet another report telling us what a bad state of security we’re in and that we need to fix all sorts of things in IT. Okay, I’m not going to complain too…
But Compliance is Someone Else’s Job!
Regulatory ‘compliance’ – it’s a dirty word in business today. Perhaps that’s because we’re being force-fed more and more rules that various governing bodies believe are the best ways for us to run our businesses. Regardless of what side of the government growth – and…
Protecting Your Brand with a Secure Website
These days, everyone and their grandmother has a website or blog. It’s becoming more and more common for the average person to have a website, whether it’s for informational purposes or as a way to promote a product or service. Either way, there is a…
MySQL.com Victim of SQL Injection Attack
Introduction: On 27th March 2011 a message was posted on the popular Full Disclosure mailing list exposing a recent hack against the website mysql.com. This vulnerability was apparently also reported by a hacker called TinKode, who also claims to have found a cross site scripting…
Don’t Overlook the Importance of Authenticated Testing
Would you want to rely on a home inspector’s analysis of just the outside of a new home you’re considering for purchase? What about a lab tech only running a partial CT scan or the radiologist analyzing only part of your MRI when your health is…
Cross Site Scripting Attacks
Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records. Cross Site Scripting (also known as XSS…
You can’t change what you tolerate
Attending a recent meeting I heard one of the speakers say “You can’t change what you tolerate.” Apparently it’s a quote from Cesar Millan (the dog whisperer) but it really struck a chord in me regarding web application security and overall information risk management. How…
How to Avoid the Google Blacklist
In the ‘old days’ – around 4 to 6 years ago, when the Google Blacklist was less of a news item – hackers were primarily interested in stealing customer data from websites. They would cause absolute havoc after breaking in, stealing anything from customer credit card…