A new report this week from ITC reveals that eighty-five percent of IT security decision makers think that losing data via an external threat is "very unlikely." Wow. Once upon a time, anyone involved in application security had a need to educate potential customers on why application security...
Court papers recently filed in conjunction with the indictment of Albert Gonzalez reveal that SQL Injection attacks were behind the data breach that allowed hackers to steal massive amounts of data from Heartland Payment Systems, TJX, and other businesses. Over 130 million credit and debit card numbers...
This is a great article about the value of a hacked PC to an attacker. While this focuses on personal PCs, all of these reasons can also apply to compromised web servers. Remember, web hacking has evolved. Script kiddies began by defacing web sites and conducting other forms of cyber vandalism. As applications...
One of our security researchers just happened to stumble across this interesting Highscores area of a free Flash skeet shooting game. Notice scores 6-10. Now I'm not saying he had anything to do with this. What I am saying is that if your query parameters are able to be manipulated, some hacker will...
Two recent studies have cast some light on the current state of web application security. How bad is it out there? Bad. 82% of web sites had either a Critical, High, or Urgent vulnerability within the past calendar year, with Cross-Site Scripting being the most prevalent. Once upon a time, Cross-Site...
A major state university is currently notifying as many as 160,000 students that their personal information (including social security numbers) might have been accessed in 2008. Complicating matters, the breach wasn't discovered until a year later. It used to be that universities were natural targets...
I've been thinking a bit more about the personal health information extortion attempt that's been in the news recently, and which Ken Swinney mentioned in his Keep the snakes at bay post yesterday. If you haven't been following the story, the gist is that a state agency responsible for identifying...
Recently, a state agency announced that their site had been compromised by computer hackers. The attackers left a ransom note on the web site claiming that they had captured 8.3 million patient records and 35.6 million prescriptions. The attackers also claimed to have created a password-protected, encrypted...