Saturday, August 22, 2009

Heartland Lessons

The Heartland Payment Systems data breach, which resulted in the theft of more than 130 million credit and debit card numbers, dominated the news during the past couple of weeks. The company is the world's ninth largest credit processing company, so you would think it would have taken the necessary precautions to prevent a breach of this nature. I say this against the backdrop of the breach being due to a SQL injection vulnerability. The vulnerability is well understood, and security analysts have warned retailers about it from time immemorial. SQL injection is in fact so widespread that it is the most common form of attack against web sites.

I often felt that hackers employed techniques found only in rocket science manuals. However, since becoming a part of the infosec world I have come to the realization that it is in fact not so. Now don't get me wrong, some exploits can be looked at as a work of art, and therefore will require some doing. However, the majority of attacks do not fall into that category.

This latest incident is testament to that fact. SQL injection is at the script kiddie level of attacks, as there are several tools available that simply require you to point, click and voilà, you're done.

So when a company like Heartland falls prey to an attack like this it is just unbelievable. Recall that SQL injection attacks exploit a violation of one of the basic tenets of web application development, namely that you should not trust ANY input from the user.
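To make that tenet concrete, here is an added example (not from the original post or from any Heartland code) using Python's built-in sqlite3 module and a constructed in-memory table: the first lookup splices user input into the query text, the second passes it as a bound parameter so the database never parses it as SQL.

```python
import sqlite3


def build_db():
    # Constructed sample data standing in for a merchant's card-on-file table.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE cards (id INTEGER PRIMARY KEY, customer TEXT, pan_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO cards (customer, pan_last4) VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"), ("carol", "3333")],
    )
    return conn


def lookup_vulnerable(conn, customer):
    # Deliberately vulnerable: the untrusted string becomes part of the SQL
    # text, so the database cannot distinguish data from query structure.
    sql = (
        "SELECT customer, pan_last4 FROM cards WHERE customer = '"
        + customer
        + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_safe(conn, customer):
    # Hardened: the value is bound as a parameter. Whatever the user typed is
    # compared as a literal string; quotes and keywords carry no meaning.
    sql = "SELECT customer, pan_last4 FROM cards WHERE customer = ?"
    return conn.execute(sql, (customer,)).fetchall()


def compare(customer):
    # Returns (rows from the vulnerable query, rows from the safe query) so the
    # difference in behaviour for the same input can be checked directly.
    conn = build_db()
    try:
        return lookup_vulnerable(conn, customer), lookup_safe(conn, customer)
    finally:
        conn.close()


if __name__ == "__main__":
    for name in ("alice", "' OR '1'='1"):
        vuln, safe = compare(name)
        print(f"input={name!r}: vulnerable -> {len(vuln)} rows, safe -> {len(safe)} rows")
```

For a well-formed name both queries return the same single row; for a tautology-style input the concatenated query returns every row in the table while the parameterized one returns nothing.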

This article over at Dark Reading should serve as a timely reminder of the impact such vulnerabilities can have, and of some steps you can take to mitigate such attacks.

Infiltrating A Botnet

I have always had an interest in botnets. So when I came upon this article posted by awesec on Ethicalhacker it immediately piqued my interest. Incidentally, if you have not already checked out the folks over at ethicalhacker you should go say hello.

So back to the article at hand. A Cisco research team, while on a recent engagement, noticed a tremendous number of alerts, including IRC activity, occurring on the customer's network, far more than anything that could be benign. It turned out that the machines had been compromised and had become part of a botnet.

The article explains how they removed the botnet but, more interestingly, gives some insight into the mind and motives of a botmaster. It really is an interesting read.