
Online stores come under attack


The move to target the databases and programs that power online shops is a significant change in tactics.

In one case, an attacker got hold of a PC maker's entire customer list and sent everyone on it a nasty note.

"It's kind of like an arms race. It's the next logical step to go after the application itself," said Rob Straight from software firm Compuware.

"There are a lot of people that spend their time and energy to think of ways to break into applications maybe for fun and maybe for profit," he said.

Businesses connected to the net, and especially those that run online shops, are used to defeating all kinds of attacks. On a daily basis they have to cope with attempts to exploit known vulnerabilities as well as viruses and worms that try to slip through security software.

Evidence for just how new this is can be seen in the latest list of the Top 20 most vulnerable programs released in early May by the Sans Institute.

For the first time this list included such things as media players, anti-virus programs, web browsers and databases.

Vulnerabilities in browsers and media players are proving popular with the malicious hackers, said Gerhard Eschelbeck, chief technology officer at security firm Qualys and a Sans contributor.

Web shops and online banks were seeing far more attempts to inject working computer code into the databases and applications behind the scenes of many websites, said Donal Casey, spokesman for Diagonal Security.

Some attackers try to enter database commands into such fields just to see what happens. In such cases "unpredictable results" could see those commands executed and a database seriously compromised, said Mr Straight.

Attackers could end up with a store's entire customer list, including credit card numbers and bank account details.

Full Story.

Also, some Linux websites are getting hit too.
