Inside a retail hack

Date: Jan 23, 2009

According to Mandiant's Kevin Mandia, retailers are being compromised by one attack in particular: SQL injection.

In this keynote speech from Information Security Decisions 2008, Mandia takes you through a common retail hack and points out the attack tools being used to gain domain credentials and credit card numbers.

More on Web Application Security

Web application firewall: Protection against most security vulnerabilities?
VIDEO - Hugh Thompson, founder and chief security strategist at People Security, reviews why WAFs alone are not strong enough to tackle today's Web application threats.
New SQL injection attacks and defense
VIDEO - Lenny Zeltser, security consulting leader at Savvis Inc., explains how some are using SQL injection to actually embed new content, particularly HTML code.
CISSP Essentials training: Domain 6, Application and System Development
VIDEO - In this CISSP Essentials video, Domain 6, Application and System Development, expert CISSP exam trainer Shon Harris details how applications and systems are structured.
Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7
News - Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6.
( Feb 03, 2012 )
Survey sheds light on SharePoint security concerns
News - Respondents' top SharePoint security concerns include frustrated users who inadvertently or deliberately circumvent security policies.
( Jan 24, 2012 )
Jericho founder: Get involved in plan for protecting identity online
News - Respected identity expert Paul Simmonds says the NSTIC's identity project needs European involvement, or it may not meet Europe's needs.
( Jan 13, 2012 )
Emerging 2012 security trends demand information security policy changes
News - 2012 security trends involving cookies, fines, devices and threats will demand more skills -- and a little finesse -- from security professionals.
( Dec 29, 2011 )
Web application security guidelines for developers
Tip - The best way to mitigate Web app flaws is to prevent them in the first place. Learn how with these Web application security guidelines for developers.

Back to top

Networking UK
- UK Networkers should gear up for mobility implementations in 2012
  
  Companies are rethinking legacy tools to take advantage of what users get from having access to data and applications across all kinds of devices, according to TechTarget’s 2012 IT Priorities Survey.
- Cloud gets vote of confidence from UK buyers in 2012 IT priorities
  
  The cloud is set to be a key investment area for UK buyers in 2012 with 30.5% of IT buyers pledging to spend on the technology, according to TechTarget’s 2012 IT Priorities Survey.
- UK networkers look to wireless networks and IP telephony for 2012
  
  Wireless networks and IP telephony are set to be the most common networking initiatives implemented by UK users in 2012, according to TechTarget’s 2012 IT Priorities Survey
Virtual Data Centre
- Palmer's College scores on virtualisation, data centre consolidation
  
  Palmer's College's virtualisation and data centre consolidation project did not just improve IT efficiency and scalability, but also saves on data centre cooling costs.
- How IT can convince stakeholders of the value of technology projects
  
  IT professionals must take data centre measures to convince stakeholders of the business value of technology projects. This will help IT emerge as a valuable business resource.
- Virtualisation, cloud and compliance are top priorities for IT in 2012
  
  A TechTarget study finds that IT pros’ main priorities for 2012 are virtualisation, cloud computing and compliance. Experts show how they can carry these out with limited budget.
DataManagement UK
- Gartner: Business, analytics fail to connect, mobile BI gets real
  
  Gartner’s BI London summit will show a landscape beset by strategic misalignment, intra-organisational struggle and weak cloud adoption. Yet mobile BI is becoming a reality.
- 2012 training courses: BI, data management, data warehousing
  
  Find out where to hone your business intelligence, data management and data warehouse skills with this list of training courses for 2012.
- Deloitte spots analytics trends, ethics and open data
  
  Deloitte identifies four analytics trends: an increased focus on ethics, the rise of open data, new business models and a refusal to do analytics for its own sake.
Security
- Adobe issues support for Flash Player sandboxing in Firefox
  
  Adobe has launched the pubic beta of a new Flash Player sandbox feature for Firefox users, making attacks more difficult for cybercriminals.
- Enterprise mobile access: Considerations for two-factor mobile authentication
  
  Is two-factor mobile authentication the only answer to secure enterprise mobile access? Randall Gamby explores keeping mobile access under control.
- Nothing funny about SCADA and ICS security
  
  A researcher calls the state of industrial control system security “laughable” and warns of the consequences of unpatched critical infrastructure that is reachable over the Internet.
Cloud Security
- SaaS security: Weighing SaaS encryption options
  
  A look at SaaS encryption techniques and challenges.
- Panel debates cloud computing governance issues
  
  Problems with data governance in the cloud aren’t much different than traditional outsourcing.
- The proposed EU data protection regulation and its impact on cloud users
  
  Cloud customers and cloud providers would face stricter data security requirements under draft European regulation.
Information Security
- Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7
  
  Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6.
- SEC filing: VeriSign security breach in 2010 was limited, execs say
  
  In an October 2011 regulatory filing, VeriSign said its corporate network was breached in 2010, exposing data on a “small portion” of its systems.
- Apple updates OS X Lion to 10.7.3, releases Snow Leopard security fix
  
  Releases next major update to OS X Lion; pushes out security-only updates to Snow Leopard and other Apple software.

Latest Headlines

IT in Europe: Security Edition

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Blogs

Inside a retail hack

Inside a retail hack

More on Web Application Security

More from Related TechTarget Sites