Even if you’re not a football fan, you’ve probably seen news about Argentinean Coach Diego Maradona’s website being defaced by a Peruvian fan/hacker “Elite-Peruvian”.
The website’s intended facade was replaced with a tearful picture of Maradona under the caption “We made you cry” after the Argentine team defeated Peru 2 to 1 on Saturday.
Under Maradona’s image, the hacker included a Peruvian team photo proclaiming “For the biggest cry baby of all time. We didn’t win at the football, but we did on the web!” And as a final insult, Elite-Peruvian threw in a soundtrack of Peruvian folk music playing in the background.
Details on how the hacker accessed Maradona’s website are forthcoming, but you can see images of the defacement on Graham Cluley’s blog. Referring back to Maradona’s 1986 FIFA World Cup quarter finals match, Mr. Cluley suggests Maradona seek a more concrete website security solution than the “Hand of God.”
We agree. For website security, FireHost may be the best option.
Two and a half years after retail giant TJX Companies, Inc (parent company to TJ Maxx, Marshalls, and Home Goods) experienced one of the largest data breaches in history, the firm is still paying. This time, the settlement provides $9.7MM across 41 states to help protect consumers from payment card negligence. One quarter of those funds are devoted to creating a national fund that will investigate future data breaches.
In reality, the latest sum TJX has to pay is small potatoes compared to the capital outlay the retailer has made since 2007 to mitigate the security breach that exposed 45 million credit and debit card numbers. When the leak was discovered, TJX set aside $107MM to deal with the fallout and the expenditures to date are in that range. In two of the largest settlements, they’ve paid $24MM to MasterCard and $41MM to Visa banks. In addition, TJX has been ordered to undergo costly external audits every other year for 20 years by the FTC.
Is it 100% possible for companies to avoid costly and negative public facing situations such as this?
FireHost’s CEO, Chris Drake, will host a website security webinar for Business Owners and CTOs on Tuesday, August 18th at 11am CDT.
During the presentation, we will demonstrate how easily cyber criminals can compromise a website and provide real “is hacked” examples that have taken businesses offline. We will also reveal some common (and easily patched) website vulnerabilities so you leave armed with key defense tactics that can be put in place immediately.
Session Agenda Includes:
Hacker Profiles and Motives
Open Source Vulnerabilities
The Security Ecosystem
How to Protect Your Website
Do not miss this opportunity. Take the first step toward protecting your business’ online identity. One lucky audience member will receive 6 months free, secure website hosting, so register now!
Panda Security’s most recent report indicates that thirty percent of small and medium-sized businesses worldwide have been infected with malware, and businesses based in the US are even more susceptible. Close to half (44%) of US-based SMBs have lost time and productivity due to some form of cybercrime.
A lack of threat awareness is not the problem. The study shows that almost all businesses in this category have installed anti-virus programs and kept security systems up to date, but a large number of SMBs still become victims of cyber crimes. When disaster strikes, viruses (41%) followed by spyware (26%) are most often the cause.
In a conversation with SC Magazine, Luis Corrons, PandaLabs technical director, suggested, “these companies often lack the in-house staff and resources to fight off increasingly sophisticated and exponentially more targeted Internet attacks.”
Data compiled by Secure Enterprise 2.0 indicates that businesses that incorporate Web 2.0 functionality like social networks, wikis, and blogs are the most popular targets for hackers.
In fact, websites that incorporate these features accounted for 21% of hacking incidents reported in the first quarter of 2009. The top threats to “socially enabled” websites are SQL Injections (21% of attacks), Authentication Abuse (18%), and Cross Site Request Forgery – CSRF (8%). You may download a full copy of Secure Enterprise’s report here.
“Businesses often use open source applications like Community Server, WordPress, and Drupal to integrate social features into their websites. Every enterprise deserves the ability to keep content fresh by using blogs and forums. It’s great for marketing and user retention. We help facilitate these mediums by addressing vulnerabilities in open source software all the way from module installation to hosting,” encourages FireHost CEO, Chris Drake.
FireHost CTO, Kevin Wall, explains why a holistic approach to site development and hosting is important.
Despite a challenging economy, many companies are making room in their budgets for investments in information security initiatives.
According to a survey by Robert Half Technology, seven out of ten CIOs interviewed reported their companies would be investing in new information technology initiatives over the next year. 43% of the respondents overall reported information security as a top priority, and in the financial services and transportation sectors, information security was cited most often as the top priority.
“Although times are lean, many companies are finding that they can’t afford to postpone IT investments that lead to increased security, efficiencies or revenues,” stated Dave Willmer, Executive Director of Robert Half Technology. “Organizations also are trying to make sure they are prepared for growth when conditions improve, and enhancing their IT infrastructure is part of that process.”
Over the past year, there has been a significant rise in the number of malicious attacks on company websites. Symantec identified a 165% increase in malicious code signatures and stated that the explosive growth can be attributed to the professionalism of malicious code development, supporting the demand for goods and services that facilitate online fraud.
Recently, Brian Krebs from the Washington Post reported that thousands of insecure websites were identified last year, many of which contained cross-site scripting (XSS) vulnerabilities. The stunning revelation in this report is the sheer number of websites that harbor XSS vulnerabilities.
“Xssed.com lists nearly 13,000 Web pages that hosted cross-site scripting vulnerabilities, including a large number at trusted and high-traffic Web sites such as yahoo.com, google.com, msn.com, myspace.com and facebook.com, and cnn.com.”
Earlier this month, 21-year-old hacker Philip Gabriel Pettersson (aka “Stakkato”) was named in a five-count indictment that includes one count of intrusion and two counts of trade secret misappropriation involving Cisco Systems, Inc. Read more at UPI.com.
If an up and coming hacker/prodigy can penetrate the network of a publicly traded, global corporation with a security division, imagine how easily he could ruin your business.
SQL Injections have website owners and developers running scared. If you haven’t heard of a SQL Injection, then you better listen up and hit Google university.
SQL Injections are the number one vulnerability exploited by hackers, by far. According to security vendor Sophos, 16,000 new websites are hit by the attacks every day. WordPress, Joomla, Drupal, .NET, classic ASP, and phpBB websites have all been hit with SQL Injections. Do NOT roll the dice on this one! Every website, big or small, is vulnerable to injection by automated scripts attempting SQL Injections through your web forms, dynamic URLs, etc.
This video from Graham Cluley of Sophos discusses the impact of a SQL Injection that hit BusinessWeek.