The website’s intended facade was replaced with a tearful picture of Maradona under the caption “We made you cry” after the Argentine team defeated Peru 2 to 1 on Saturday.

Under Maradona’s image, the hacker included a Peruvian team photo proclaiming “For the biggest cry baby of all time. We didn’t win at the football, but we did on the web!” And as a final insult, Elite Peruvian threw in a soundtrack of Peruvian folk music playing in the background.

Details on how the hacker accessed Maradona’s website are forthcoming, but you can see images of the defacement on Graham Cluley’s blog. Referring back to Maradona’s 1986 FIFA World Cup quarter finals match, Mr. Cluley suggests Maradona seek a more concrete website security solution than the “Hand of God.”

We agree. For website security, FireHost may be the best option.

In reality, the latest sum TJX has to pay is small potatoes compared to the capital outlay the retailer has made since 2007 to mitigate the security breach that exposed 45 million credit and debit card numbers. When the leak was discovered, TJX set aside $107MM to deal with the fallout and the expenditures to date are in that range. In two of the largest settlements, they’ve paid $24MM to MasterCard and $41MM to Visa banks. In addition, TJX has been ordered to undergo costly external audits every other year for 20 years by the FTC.

Is it 100% possible for companies to avoid costly and negative public facing situations such as this?

Maybe not, but there is quite a lot you can learn from past system compromises to help prevent making the same mistakes. In fact, PCWorld Canada has compiled a “top ten” list of vulnerabilities companies maintaining a serious presence online should know about.

1. Operating System Flaws
2. SQL Injections
3. Drive-by Downloads
4. Compromised Password(s)
5. Social Engineering
6. Malicious Email
7. Physical Access
8. Compromised Network
9. Wireless Hacking
10. Weak Access Points

These vulnerabilities require more than software patches and basic anti-virus software to keep your network and data safe from hackers, and most companies don’t have all the resources available necessary to provide complete protection.

“Instead of relying on costly, in-house expertise, many firms are looking outward to goal-focused security consultants to help identify openings hackers could easily exploit,” said Chris Drake, FireHost CEO. “We recommend that every client undergo a security audit just to ensure everything within your power is being done to help prevent confidential internal and consumer data from leaking into the wrong hands.”

During the presentation, we will demonstrate how easily cyber criminals can compromise a website and provide real “is hacked” examples that have taken businesses offline. We will also reveal some common (and easily patched) website vulnerabilities so you leave armed with key defense tactics that can be put in place immediately.

Session Agenda Includes:

• Hacker Profiles and Motives
• Open Source Vulnerabilities
• The Security Ecosystem
• Hot to Protect Your Website

Do not miss this opportunity. Take the first step toward protecting your business’ online identity. One lucky audience member will receive 6 months free, secure website hosting, so register now!

A lack of threat awareness is not the problem. The study shows that almost all businesses in this category have installed anti-virus programs and kept security systems up to date, but a large number of SMBs still become victims of cyber crimes. When disaster strikes, viruses (41%) followed by spyware (26%) are most often the cause.

In a conversation with SC Magazine, Luis Corrons, PandaLabs technical director suggested, “these companies often lack the in-house staff and resources to fight off increasingly sophisticated and exponentially more targeted Internet attacks.”

The study’s results support Mr. Corrons claim that SMBs are not or able (or willing) to allocate the appropriate resources to close vulnerabilities and properly secure their environment.

• 52% of survey respondents have no web filtering solution
• 39% are untrained/unaware of IT threats
• 29% have no anti-spam solution
• 22% are without anti-spyware technology
• 16% do not have a firewall

So what should small and medium size business owners do?

Network vulnerability scans provide extremely high value. A thorough scan of your website(s), database(s), and application(s) can identify disasters waiting to happen. With a starting pricepoint around $100 each, vulnerability scans provide SMBs an affordable way to identify open ports, SQL injections, cross-site scripting (XSS) attempts, holes in JavaScript and web forms, and much more.

In fact, websites that incorporate these features accounted for 21% of hacking incidents reported in the first quarter of 2009. The top threats to “socially enabled” websites are SQL Injections (21% of attacks), Authentication Abuse (18%), and Cross Site Request Forgery – CSRF (8%). You may download a full copy of Secure Enterprise’s report here.

“Businesses often use open source applications like Community Server, WordPress, and Drupal to integrate social features into their websites. Every enterprise deserves the ability to keep content fresh by using blogs and forums. It’s great for marketing and user retention. We help facilitate these mediums by addressing vulnerabilities in open source software all the way from module installation to hosting,” encourages FireHost CEO, Chris Drake.

FireHost CTO, Kevin Wall explains why a holistic approach to site development and hosting is important.

“Often the application itself isn’t unstable; it’s the add-ons and plug-ins site owners use to extend the installation that cause problems. Our engineers are well-versed in the nuances of open source platforms. We’re different because we can help you navigate thru the many open source options available and determine which will achieve your marketing goals. Finally, we install open source applications in a way that helps protect you from hackers.”

To learn more about how FireHost can help secure your favorite open source platform, visit our secure platform hosting page.

According to a survey by Robert Half Technology, seven out of ten CIOs interviewed reported their companies would be investing in new information technology initiatives over the next year. 43% of the respondents overall reported information security as a top priority, and in the financial services and transportation sectors, information security was cited most often as the top priority.

“Although times are lean, many companies are finding that they can’t afford to postpone IT investments that lead to increased security, efficiencies or revenues,” stated Dave Willmer, Executive Director of Robert Half Technology. “Organizations also are trying to make sure they are prepared for growth when conditions improve, and enhancing their IT infrastructure is part of that process.”

Over the past year, there has been a significant rise in the number of malicious attacks on company websites. Symantec identified a 165% in malicious code signatures and cited that the explosive growth can be attributed to the professionalism of malicious code development, supporting the demand for goods and services that facilitate online fraud.

Vulnerable targets are numerous, however increased threat awareness and security investments can help stem the tide. The two biggest threats to website security are open source vulnerabilities and injection attacks, which often allow the disruption and infiltration of web servers. The results can be devastating for companies and their customers, ranging from the theft of confidential information to the insertion of malware.

Properly securing your company’s website and online databases can reduce the risk of a hacking attempt. FireHost uses enterprise, web application firewalls, traffic monitoring, threat detection, automated attack mitigation, and constant monitoring by human personnel to help prevent the serious application-level attacks that negatively impact hundreds of companies and millions of customers every year.

Click here to learn more about our advanced secure web hosting techniques.

“Xssed.com lists nearly 13,000 Web pages that hosted cross-site scripting vulnerabilities, including a large number at trusted and high-traffic Web sites such as yahoo.com, google.com, msn.com, myspace.com and facebook.com, and cnn.com.”

Cross-site scripting vulnerabilities can be used to execute sophisticated phishing attacks, so they represent a significant threat to many internet users, including casual and social surfers. Further compounding the problem, only 3% of the 13,000 recorded web pages harboring cross-site scripting vulnerabilities were fixed last year, according to reports from Symantec.

As more and more malicious hackers exploit cross-site scripting vulnerabilities, tens of thousands of websites could be used to prey on millions of internet users.

In fact, as hackers have become adept in cross-site scripting (XSS) exploitation, they have deployed web-based worms against social networks like Twitter. These worms may not have caused significant damage yet, but users still run the risk of being lured into downloading malicious programs masquerading as a fun plug-in or anti-virus software.

At FireHost, we take the threat of cross-site scripting (XSS) exploitations very seriously. As part of our industry-leading secure web hosting environment, we use sophisticated, enterprise application firewalls to help prevent hackers from exploiting the web applications used to execute cross-site scripting attacks.

Start protecting your website, business, and customers by discovering the difference in FireHost’s unrivaled security. Visit FireHost.com and contact a FireHost Agent today.

If an up and coming hacker/prodigy can penetrate the network of a publicly traded, global corporation with a security division, imagine how easily he could ruin your business.

Now that FireHost has physical operations in two, strategically located data centers, we’re able to protect your website with an even more secure hosting environment than before.

• R1Soft Barebones Backup service subscribers’ files are encrypted and transported over 1,000 miles away to our secondary DC in Scottsdale every day.
• Every secure web hosting client has peace of mind that website and database files have redundancy built in as a standard feature of the secure web hosting package.
• FireHost offers secure hosted exchange customers unprecedented email redundancy and security because the contents of your inbox are completely synced in both data center locations. We maintain copies of your communications in two, safe locations more than a thousand miles apart.

Website disaster prevention and protection starts with investing in a professional, secure web hosting and online backup plan. FireHost fits that description working every day to ensure that if an asteroid hits Dallas or aliens invade Scottsdale, your website data will be just fine.

SQL Injections are the number one vulnerability exploited by hackers, by far. According to security vendor Sophos, 16,000 new websites are hit by the attacks every day. WordPress, Joomla, Drupal, .NET, classic ASP, PHPBB websites have all been hit with SQL Injections. Do NOT roll the dice on this one! Every web site big or small is vulnerable to injection by automated scripts attempting SQL-Injections through your webforms, dynamic URLs, etc.

This video from Graham Cluley of Sophos discusses the impact of a SQL Injection that hit BusinessWeek.

What can you do NOW to help secure your website?

1. Ensure all logins use strong passwords
2. Employ web form validation and/or CAPTCHA
3. If you’re using a CMS or website platform, ensure it’s up-to-date (including all plug-ins)
4. Ensure all components are current (ASPupload, etc)
5. Use static URLs instead of dynamic URLs

FireHost takes SQL Injection protection to the next level by:

1. Analyzing your website and web applications to assess the potential for SQL Injections and other hacking vulnerabilities
2. Protecting your website using our secure and transparent Web Application Firewall
3. Monitoring your website for new vulnerabilities