The funning thing about the excerpt below is that for the small cost of a web application scanner like the one offered by Acunetix, there would of likely been no breach. What would you rather have, a website hack and lost consumer confidence, or spend a few bucks to buy a quality web app scanner?
PRESS RELEASE
For immediate release
Hackers Steal 19,000 Personal Customer Details from AT&T Online
Store
Acunetix calls for regular website auditing to guard against the loss
of personal sensitive data through web vulnerabilities
London, UK – 01 September, 2006 – Last weekend, hackers pilfered the
personal data of nearly 19,000 DSL equipment customers through a
vulnerability in AT&T’s online store. The affected site was shut down
within hours of the attack being launched. In a statement, AT&T
attributed the motive of the attack to a criminal market for
illegally obtained personal information. In fact, the data also
included customers’ credit card details.
Todate, AT&T has not provided details about how the site was hacked,
however some unconfirmed reports attribute the website being
vulnerable to Cross Site Scripting (XSS).
This attack did not come without cost to AT&T. The company notified
each customer by e-mail and is now working with law enforcement
officials to track down the hacker. AT&T committed to pay for credit
monitoring services to protect those customers purchasing Digital
Subscriber Line (DSL) equipment online from possible fraud.
more…..
Assessing the security of a website
Websites with web applications such as shopping carts, forms, login
pages and dynamic content, in general, are always a prime target for
attack. To function fully, web applications require open and direct
access to backend databases: if improperly coded, web applications
become easy gateways to social security numbers, credit card details
and even medical records. Hackers experiment heavily with a wide
variety of techniques to lay their hands on this type of data since
the pay-offs are enormous.
Acunetix WVS protects against these attacks including Cross Site
Scripting and SQL Injection vulnerabilities. Furthermore, Acunetix
protects against the embedding of Javascript malware in a web page
through its JavaScript Analyzer. Such protection secures all AJAX
applications.
An automated check of AT&T’s website (using Acunetix WVS) could have
prevented this attack and saved the company from denting its
reputation and the subsequent loss of customer trust.
Acunetix provides free audit to help companies determine the security
of their websites
Enterprises who would like to have their website security checked can
register for a free audit by visiting www.acunetix.com/security-audit.
Participating enterprises will receive a summary audit report showing
whether their website is secure or not. Summary reports will be
delivered within five business days of submission.
About Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner ensures website security by
automatically checking for SQL injection, Cross site scripting and
other vulnerabilities. It checks password strength on authentication
pages and automatically audits shopping carts, forms, dynamic content
and other web applications. As the scan is being completed, the
software produces detailed reports that pinpoint where
vulnerabilities exist.
About Acunetix
Acunetix was founded to combat the alarming rise in web attacks. Its
flagship product, Acunetix Web Vulnerability Scanner, is the result
of several years of development by a team of highly experienced
security developers. Acunetix is a privately held company with
headquarters based in Europe (Malta), a US office in Seattle,
Washington and an office in London, UK. For more information about
Acunetix, visit: http://www.acunetix.com; http://www.acunetix.de.
All product and company names herein may be trademarks of their
respective owners.
For more information:
Please email Tamara Borg: [email protected]
Acunetix Ltd: Tel: (+44) 0845 6126712; Fax: (+44) 0845 6126716.
URL: http://www.acunetix.com.