The following are some of the recent university hacks due to web application vulnerabilities:
* Last month, a hacker infiltrated a massive database at the University of California, Los Angeles, containing personal information (including social security numbers, dates of birth, home addresses and contact information) on 800,000 people, in one of the worst computer breaches ever at a US university.
* In January 2007, the University of Arizona reported a breach that occurred in November and December of last year and affected several services, according to the Privacy Clearing House. The number of affected records is as yet undisclosed.
* In December 2006, University of Colorado – Boulder experienced a hack attack that resulted in the theft of thousands of names and social security numbers – a total of 17,500 records were compromised.
* University of Texas, Dallas, reported in December 2006 that the data of 35,000 individuals (current students and alumni) was compromised. Social security numbers were exposed, according to the Privacy Clearing House.
Changing Trends in What Motivates Hackers
According to Zone-H, the top 50 attackers defaced a total of approximately 2.5 million websites all over the globe. According to the CSI/FBI Computer Crime and Security Survey 2005, one of the most dramatic findings was the exponential increase in website defacement experienced by their respondents: in 2004, 5% of the respondents experienced defacement, while in 2005 that figure went up to 95%. Trends over the past 12 months show a shift away from such disruptive vandalism, which gains notoriety, towards theft of data, which translates into profit. The report on 2006 is still to be published.
Statistics
Since many organizations do not monitor online activity at the web application level, hackers have free rein, and even with the tiniest of loopholes in a company’s web application code, any experienced hacker can break in using only a web browser and a dose of creativity and determination. It seems that most hack attacks are discovered months after the initial breach simply because attackers do not want to, and will not, leave an audit trail. In web application attacks, physical evidence (e.g., a missing database) is nonexistent – hackers are interested in stealing the data and leaving it intact.
Recent research by a leading research firm shows that 75% of cyber attacks are done at web application level. As yet unpublished research at Acunetix seems to corroborate this finding. Competing web application security organizations record similar data.
The Privacy Clearing House reports more interesting findings, including the fact that over 100 million records have been compromised since February 2005. However, this figure excludes the TJX episode of around 40 million records. Out of a total of around 140 million, approximately 80 million were due to hacking attacks. Having said this, it is not known whether the TJX episode was a network or a web application breach.