
Online stores come under attack


The move to target the databases and programs that power online shops is a significant change in tactics.

In one case, an attacker got hold of a PC maker's entire customer list and sent everyone on it a nasty note.

"It's kind of like an arms race. It's the next logical step to go after the application itself," said Rob Straight from software firm Compuware.

"There are a lot of people that spend their time and energy to think of ways to break into applications maybe for fun and maybe for profit," he said.

Businesses connected to the net, and especially those that run online shops, are used to defeating all kinds of attacks. On a daily basis they have to cope with attempts to exploit known vulnerabilities as well as viruses and worms that try to slip through security software.

Evidence for just how new this is can be seen in the latest list of the Top 20 most vulnerable programs released in early May by the Sans Institute.

For the first time this list included such things as media players, anti-virus programs, web browsers and databases.

Vulnerabilities in browsers and media players are proving popular with malicious hackers, said Gerhard Eschelbeck, chief technology officer at security firm Qualys and a Sans contributor.

Web shops and online banks were seeing far more attempts to inject working computer code into the databases and applications behind the scenes of many websites, said Donal Casey, spokesman for Diagonal Security.

Some attackers try to enter database commands into such fields just to see what happens. In such cases "unpredictable results" could see those commands executed and a database seriously compromised, said Mr Straight.

Attackers could end up with a store's entire customer list, including credit card numbers and bank account details.


Also some Linux websites are getting hit too.
