Archive for the Category: Database Security

Understanding and Selecting Database Security Platforms
Wednesday, February 01st, 2012 | Author: admin

We love the Totally Transparent Research process. Times like this – where we hit upon new trends, discover unexpected customer use cases, or discover something going on behind the scenes – are when our open model really shows its value. We started a Database Activity Monitoring 2.0 series last October and suddenly halted because our research showed that platform evolution has changed from convergence to independent visions of database security, with customer requirements splintering.

These changes are so significant that we need to publicly discuss them so you can understand why we are suddenly making a significant departure from the way we describe a solution we have been talking about for the past 6+ years. Especially since Rich, back in his Gartner days, coined the term “Database Activity Monitoring” in the first place. What’s going on behind the scenes should help you understand how these fundamental changes alter the technical makeup of products and require new vocabulary to describe what we see.

READ MORE …

FORD’s Weak Database Security!
Wednesday, February 01st, 2012 | Author: admin

My article is about a database scam that occurred recently. Illegal substances were caught in a woman’s car while she was crossing over from Mexico to the USA. The funny thing is that the woman wasn’t the one who put them there, and she didn’t know anything about it. The police did some investigation and found out that a gang accesses people’s information using the FORD database system. They tracked and wrote down the woman’s driver’s plate. After that, they gave the plate number to a locksmith who can access the FORD database system without any problems. The smith obtains information about the car’s key type and then makes one. The gang simply tracks the woman’s car and loads the illegal substance onto it. Then when she reaches the US they just take the substances. The police never knew the actual people who did it. But they did know that a locksmith entered FORD’s database system, searched for the plate number, and got the information.

READ MORE …

The recent hack against a database full of FTP passwords held by Web hosting firm DreamHost highlights a growing database breach trend that’s seeing password stores exposed by the boatload. Though these databases contain sensitive authentication information, they’re often left far less protected than databases containing PII. Experts warn that if organizations are truly serious about their security and compliance programs, they need to either find better ways to secure the passwords in the databases they’re distributed across the network, or look for alternatives that will ditch this method of storage altogether.

First brought to light last week, the DreamHost breach exposed FTP credentials of all its shared hosting accounts when hackers broke into a database that contained a legacy table storing passwords in plain text.

“This particular breached database contained customer credentials to the FTP server. This allows potential hackers to use these credentials in order to impersonate customers when accessing the FTP server,” says Noa Bar-Yosef, senior security strategist at Imperva, “the impact of which is to access customer documents, download the documents and even upload their own documents.”

READ MORE …

NEW YORK, Jan 30, 2012 (BUSINESS WIRE) — Application Security, Inc. (AppSecInc), the leading provider of database security solutions for the enterprise, and Unisphere Research today unveiled the findings from the “Data Security At An Inflection Point: 2011 Survey Of Best Practices And Challenges.” The survey polled 524 enterprise IT and data managers, and the results reveal that the greatest challenge to database security may actually come from organizational issues rather than nefarious or accidental acts. In most cases, database security is overseen by both database and security teams, yielding a disconnect in ownership responsibilities as well as a lack of consensus on top priorities. According to respondents, management, while showing increasing signs of threat awareness, continues to offer inadequate financial support.

Significant to the study was that the vast majority of those surveyed (81%) indicated that data security risks posed to their organizations have increased over the past three years. Among those that feel there is a greater risk today, four in five acknowledged that the greater technical proficiency and overall boldness of outside hackers and other malicious third parties was the leading factor contributing to the growing challenges.

READ MORE …

The Online Trust Alliance (OTA), an industry standards group, released this week its 2012 Data Protection and Breach Guide, which includes a review of 2011 data breaches and recommendations for businesses to prevent breaches and manage incidents.

The annual guide provides an analysis of the past year’s security breaches and offers companies a range of best practices in data security, privacy, and data collection.

In 2011, over 558 incidents were reported at a cost to US businesses of more than $6.5 billion, according to the guide. It is estimated over 50% were a result of a server exploit, of which 96% were avoidable if the recommendations outlined in the guide had been implemented, OTA said.

READ MORE …

Final phase of Mass. data protection law kicks in March 1
Saturday, January 28th, 2012 | Author: admin

Computerworld - All companies storing personal data on Massachusetts residents have just over a month to ensure that their contractors, suppliers, technology providers and other third parties comply with a provision of a state data breach law that went into effect in March 2010.

The law is designed to ensure that companies holding data on Massachusetts residents have certain security controls in place.

Over the past two years, most of the provisions of the bill have already gone into effect. The last one, which deals with third-party compliance, takes effect on March 1.

READ MORE …

Customer trust is an indispensable element of one-to-one marketing today. It’s the very foundation of a productive, profitable interaction between a company and its customers. Because so much of that one-to-one interaction takes place through various media channels, rather than in person, database security has become an increasingly important component of personalized customer communications.

READ MORE …

A government contractor is in custody for allegedly stealing proprietary software code from the Federal Reserve Bank of New York.

The FBI and U.S. Attorney for the Southern District of New York yesterday announced that Bo Zhang, 32, of Queens, N.Y., admitted to stealing the Government-Wide Accounting and Reporting Program (GWA) from the bank in July 2011 while he worked there as a contractor developing a piece of the GWA source code. He allegedly copied the GWA code onto an external hard drive owned by the bank and used it in a private computer programming training business.

“As today’s case demonstrates, our cyber infrastructure is vulnerable not only to cybercriminals and hackers, but also alleged thieves like Bo Zhang who used his position as a contract employee to steal government intellectual property. Fighting cyber crime is one of the top priorities of this office and we will aggressively pursue anyone who puts our computer security at risk,” said Manhattan U.S. Attorney Preet Bharara in a statement.

READ MORE …

Zappos Hack: Another Big Security Breach
Thursday, January 19th, 2012 | Author: admin

Shoe and clothing retailer Zappos reported that 24 million customers’ personal information may have been snagged by hackers. The incident is the latest to highlight the risk of large-scale data security breaches.

As a further complicating twist to the Zappos hack, the firm is owned by Amazon.com, a major cloud services provider. It is not yet clear whether Amazon was hosting the hacked database. But any link between Amazon and a hacking episode could be a potential setback to cloud adoption.

READ MORE …