Monday, December 29, 2008

Top Haxx of '08

"Data breaches continued to make their very public mark on cybersecurity news in 2008. And this time it wasn't TJX making headlines. Despite being PCI compliant, Hannaford Brothers supermarkets announced that 4.2 million credit and debit card numbers were pilfered from its servers. We also learned in 2008 that attackers aren't necessarily becoming more sophisticated. The cause of many data beaches and the deluge of phishing, spam and malware attacks suggest something else is going on. Automated toolkits are being bought and sold in online forums fueling the scope of many attacks. Although it's an old-school method, SQL injection attacks work and hackers use them to pull off hundreds of thousands of successful attacks against vulnerable websites and their visitors. And finally, Dan Kaminsky signaled a dire warning about a major DNS cache poisoning vulnerability. It wasn't the apocalypse, but the security researcher demonstrated that weaknesses exist in the fundamental way the Internet works."

More at SearchSecurity...

No comments: