Language Selection

English French German Italian Portuguese Spanish

Online stores come under attack

Filed under
Security

The move to target the databases and programs that power online shops is a significant change in tactics.

In one case, an attacker got hold of a PC maker's entire customer list and sent everyone on it a nasty note.

"It's kind of like an arms race. It's the next logical step to go after the application itself," said Rob Straight from software firm Compuware.

"There are a lot of people that spend their time and energy to think of ways to break into applications maybe for fun and maybe for profit," he said.

Businesses connected to the net, and especially those that run online shops, are used to defeating all kinds of attacks. On a daily basis they have to cope with attempts to exploit known vulnerabilities as well as viruses and worms that try to slip through security software.

Evidence for just how new this is can be seen in the latest list of the Top 20 most vulnerable programs released in early May by the Sans Institute.

For the first time this list included such things as media players, anti-virus programs, web browsers and databases.

Vulnerabilities in browsers and media players are proving popular with the malicious hackers, said Gerhard Eschelbeck, chief technology officer at security firm Qualys and a Sans contributor.

Web shops and online banks were seeing far more attempts to inject working computer code into the databases and applications behind the scenes of many websites, said Donal Casey, spokesman for Diagonal Security.

Some attackers try to enter database commands into such fields just to see what happens. In such cases "unpredictable results" could see those commands executed and a database seriously compromised, said Mr Straight.

Attackers could end up with a store's entire customer list, including credit card numbers and bank account details.

Full Story.

Also

Also some Linux websites are getting hit too.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

today's howtos

Software: LibreELEC 8.0.1 (Kodi), MKVToolnix 10.0.0, Claws Mail 3.15)

  • LibreELEC (Krypton) v8.0.1 MR
    LibreELEC (Krypton) v8.0.1 MR is available bringing Kodi v17.1, hardware support for the Raspberry Pi Zero W, improved software HEVC decoding on RPi3/CM3 hardware, driver support for Fe Pi audio cards, and support for Cirrus Logic DAC audio cards (thanks to @HiassofT). The bump to Kodi v17.1 resolves several upgrade and user-experience issues we have seen with the initial Kodi v17.0 release, and happiness is enhanced for users wearing an official LibreELEC tee-shirt or hoodie.
  • LibreELEC 8.0.1 Is Out Based on Kodi 17.1, Adds Support for Raspberry Pi Zero W
    LibreELEC developers announced the release and general availability of the first maintenance update to the major LibreELEC 8.0 stable series of the Linux-based operating system built around the Kodi open-source media center.
  • NetworkManager 1.8 to Support Handling of PINs for PKCS#11 Tokens as Secrets
    Lubomir Rintel announced that the development of the NetworkManager 1.8 major release has kicked off with the availability of the first snapshot, versioned 1.7.2, for public testing.
  • MKVToolnix 10.0.0 Open-Source MKV Manipulator Improves H.264 and H.265 Parsers
    MKVToolnix developer Moritz Bunkus released a new major branch of his popular, open-source and cross-platform MKV (Matroska) manipulation software, versioned 10.0.0.
  • Claws Mail 3.15.0
    Claws Mail is a GTK+ based, user-friendly, lightweight, and fast email client.
  • Claws Mail 3.15 Open-Source Email Client Brings New Hidden Preferences, Bugfixes
    Claws Mail, the lightweight and open-source GTK+ based email client for Linux, UNIX, and Windows operating systems, was updated recently to version 3.15.0, a maintenance update that adds new functionalities and addresses a lot of bugs. Claws Mail 3.15.0 comes more than four months after the first point release to the 3.14 series of the application, and among the new features implemented we can mention a bunch of options that should help users configure Claws Mail when opening a selected message, such as checkboxes on the Display and Summaries page of Preferences.

Games for GNU/Linux

  • It looks like we may be getting a Planescape Torment Enhanced Edition
    Back in January Beamdog was looking for testers on a new game. Now the Planescape website has a countdown timer. It's legitimate too, as tweeted by the Beamdog and the D&D twitter accounts.
  • RTS game 'Deadhold' could come to Linux, considering an experimental Beta
    The developers of Deadhold [Steam, Official Site] want to support Linux and they are thinking about releasing an experimental Linux Beta.
  • Ten amazing Linux games you can play without WINE
    Those of us who have taken up the mantle of a Linux gamer know that our path is rarely easy. For a long time, few games were released for our chosen platform. Those that were shipped riddled with bugs, compatibility issues and rarely worked out of the box. Getting games to work require using WINE and deeply complex almost arcane workarounds to force windows games to work on our quirky systems. Unfortunately, games rarely worked well and usually required hours of complex tweaking in order to get them to function properly. To top this all of, there were graphics driver problems, optimization issues, peripherals rarely worked out of the box and our lives were generally difficult.

Ubuntu-Based LXLE 16.04.2 Gets an RC Build, Promises to Be the Best Release Ever

LXLE 16.04.2 is on its way to becoming the best release ever of the Ubuntu-based distribution built around the lightweight LXDE desktop environment, and it just received a Release Candidate (RC) build. Continuing to get all the goodies from Ubuntu 16.04.2 LTS (Xenial Xerus), LXLE 16.04.2 Release Candidate is here only two weeks after the last Beta milestone, and adds quite a bunch of improvements and bug fixes. These include a reconfigured menu layout to be less cluttered for navigation, and a revamped Control Menu to act as a dynamic Control Panel. Read more