Language Selection

English French German Italian Portuguese Spanish

Online stores come under attack

Filed under
Security

The move to target the databases and programs that power online shops is a significant change in tactics.

In one case, an attacker got hold of a PC maker's entire customer list and sent everyone on it a nasty note.

"It's kind of like an arms race. It's the next logical step to go after the application itself," said Rob Straight from software firm Compuware.

"There are a lot of people that spend their time and energy to think of ways to break into applications maybe for fun and maybe for profit," he said.

Businesses connected to the net, and especially those that run online shops, are used to defeating all kinds of attacks. On a daily basis they have to cope with attempts to exploit known vulnerabilities as well as viruses and worms that try to slip through security software.

Evidence for just how new this is can be seen in the latest list of the Top 20 most vulnerable programs released in early May by the Sans Institute.

For the first time this list included such things as media players, anti-virus programs, web browsers and databases.

Vulnerabilities in browsers and media players are proving popular with the malicious hackers, said Gerhard Eschelbeck, chief technology officer at security firm Qualys and a Sans contributor.

Web shops and online banks were seeing far more attempts to inject working computer code into the databases and applications behind the scenes of many websites, said Donal Casey, spokesman for Diagonal Security.

Some attackers try to enter database commands into such fields just to see what happens. In such cases "unpredictable results" could see those commands executed and a database seriously compromised, said Mr Straight.

Attackers could end up with a store's entire customer list, including credit card numbers and bank account details.

Full Story.

Also

Also some Linux websites are getting hit too.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Latest Linux For All Release Is Based on Ubuntu 16.04.1 LTS and Linux 4.9.5

GNU/Linux developer Arne Exton is informing us about the availability of a new stable build of his Linux For All (LFA) open-source computer operating system, versioned 170121. Based on the Ubuntu 16.04.1 LTS (Xenial Xerus) and Debian GNU/Linux 8 "Jessie" operating systems, Linux For All (LFA) Build 170121 appears to be a total rebuilt of the GNU/Linux distribution, having nothing in common with any of the previous releases. It now uses the newest Linux 4.9.5 kernel and latest package versions. Read more

Arch Anywhere ISO Lets You Install a Fully Custom Arch Linux System in Minutes

Meet Arch Anywhere, a new open-source project created by developer Dylan Schacht to help Arch Linux newcomers install the powerful and modern Linux-based operating system on their personal computers, or a virtual machine. Read more

Ubuntu Developers Now Tracking Linux Kernel 4.10 for Ubuntu 17.04 (Zesty Zapus)

The Ubuntu devs are preparing to move to a new kernel version for the upcoming release of the popular Linux-based operating system, and they are announcing the initial availability of a kernel based on the last RC of Linux 4.10. Read more

Applications 16.12.1 and Frameworks 5.30.0 by KDE available in Chakra

The latest updates for KDE's Applications and Frameworks series are now available to all Chakra users, together with some other package upgrades. Applications 16.12.1 include more than 40 recorded bugfixes and improvements, including a data loss bug in iCal resource for kdepim-runtime. kdelibs got updated to 4.14.28. Frameworks 5.30.0 ship with the usual bugfixes and improvements, mostly found in breeze icons, kio and plasma-framework. Read more