Hi,
I was in the middle of writing up a blog post pulling together information about the Heartlands data breach after I read earlier that three people have been indicted for the Heartland hack until I came across Rich Mogull’s excellent blog post. No point in me re-inventing the wheel after he had done such a great job!
Some of the current highlights from the breach information are:
The hacker behind the Heartland breach is the same guy who hacked TJX, Hannafords and 7-Eleven
130 million credit card numbers have been stolen
SQL Injection appears to be the vulnerability that has been exploited
As I have said many times you have to stop these web application vulnerabilities otherwise you will get exploited! The Secure Development Principles would have prevented this exploit if the vulnerable application had been built following the guidance I outline in the principles.
Invest in security, build security in and constantly strive to improve your security development and testing processes or you will eventually get caught out.
SN
