<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	>
<channel>
	<title>Comments on: Anti-Virus Vendor Hacked</title>
	<atom:link href="http://cubist.cs.washington.edu/Security/2008/02/08/anti-virus-vendor-hacked/feed/" rel="self" type="application/rss+xml" />
	<link>http://cubist.cs.washington.edu/Security/2008/02/08/anti-virus-vendor-hacked/</link>
	<description></description>
	<pubDate>Wed, 20 Aug 2008 16:58:03 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.5.1</generator>
		<item>
		<title>By: diademed</title>
		<link>http://cubist.cs.washington.edu/Security/2008/02/08/anti-virus-vendor-hacked/#comment-2364</link>
		<dc:creator>diademed</dc:creator>
		<pubDate>Mon, 25 Feb 2008 05:38:36 +0000</pubDate>
		<guid isPermaLink="false">http://cubist.cs.washington.edu/Security/2008/02/08/anti-virus-vendor-hacked/#comment-2364</guid>
		<description>Another important aspect of the security practice is recovery.  As we saw recently demonstrated with Amazon's S3 service, even services that specialize in "5 9's" (99.999%) of service / uptime can be successfully attacked.  Having the agility to counter an attack (or even an accident) and bring your services back online can be invaluable -- much more so than preventing 99.9% of all attacks, but being down for 3 days when an attack actually gets through.</description>
		<content:encoded><![CDATA[<p>Another important aspect of the security practice is recovery.  As we saw recently demonstrated with Amazon&#8217;s S3 service, even services that specialize in &#8220;5 9&#8217;s&#8221; (99.999%) of service / uptime can be successfully attacked.  Having the agility to counter an attack (or even an accident) and bring your services back online can be invaluable &#8212; much more so than preventing 99.9% of all attacks, but being down for 3 days when an attack actually gets through.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Restaurant Pos</title>
		<link>http://cubist.cs.washington.edu/Security/2008/02/08/anti-virus-vendor-hacked/#comment-2215</link>
		<dc:creator>Restaurant Pos</dc:creator>
		<pubDate>Sat, 23 Feb 2008 20:54:42 +0000</pubDate>
		<guid isPermaLink="false">http://cubist.cs.washington.edu/Security/2008/02/08/anti-virus-vendor-hacked/#comment-2215</guid>
		<description>Talk about security issues: we are a software development company based in the UK and specialise in writing software in VB.net. We recently had a company come to us for a hospitality system and wanted to connect our software to their web environment for hotel reservation bookings. Before we set about evaluating what was required, we decided to test their site and found it was very insecure; we were able to crash the database using SQL injection. For our first test we entered single quotes into a data field and submitted the form; this caused a server error, and from there things went from bad to worse. Needless to say, the website had been outsourced and developed through a company based in Asia who have since gone out of business.</description>
		<content:encoded><![CDATA[<p>Talk about security issues: we are a software development company based in the UK and specialise in writing software in VB.net. We recently had a company come to us for a hospitality system and wanted to connect our software to their web environment for hotel reservation bookings. Before we set about evaluating what was required, we decided to test their site and found it was very insecure; we were able to crash the database using SQL injection. For our first test we entered single quotes into a data field and submitted the form; this caused a server error, and from there things went from bad to worse. Needless to say, the website had been outsourced and developed through a company based in Asia who have since gone out of business.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Robert</title>
		<link>http://cubist.cs.washington.edu/Security/2008/02/08/anti-virus-vendor-hacked/#comment-485</link>
		<dc:creator>Robert</dc:creator>
		<pubDate>Sun, 10 Feb 2008 00:53:48 +0000</pubDate>
		<guid isPermaLink="false">http://cubist.cs.washington.edu/Security/2008/02/08/anti-virus-vendor-hacked/#comment-485</guid>
		<description>The article leads me to believe that that site was compromised due to poorly written PHP code.  It is critically important when writing web applications that code be reviewed for security requirements as well as functionality and specifications.  Most companies do not review code from a security perspective and issues like this arise.

The impact of this compromise is especially damaging to this company because end users rely on virus and security companies for their own security.  If the 'experts' can't get it right, who can?</description>
		<content:encoded><![CDATA[<p>The article leads me to believe that that site was compromised due to poorly written PHP code.  It is critically important when writing web applications that code be reviewed for security requirements as well as functionality and specifications.  Most companies do not review code from a security perspective and issues like this arise.</p>
<p>The impact of this compromise is especially damaging to this company because end users rely on virus and security companies for their own security.  If the &#8216;experts&#8217; can&#8217;t get it right, who can?</p>
]]></content:encoded>
	</item>
</channel>
</rss>
