Linux Today: Linux News On Internet Time.

More on LinuxToday

Heartland Hackers Caught; Answers and Questions

Aug 18, 2009, 20:02 (0 Talkback[s])


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

"To summarize the security issues:

"The attacks on Hannaford, Heartland, 7-Eleven, and the other 2 retailers used SQL injection as the primary vector. In at least some cases, it was not SQL injection of the transaction network, but another system used to get to the transaction network.

"In at least some cases custom malware was installed, which indicates either command execution via the SQL injection, or XSS via SQL injection to attack internal workstations . We do not yet know the details.

"The custom malware did not trigger antivirus, deleted log files, sniffed the internal network for card numbers, scanned the internal network for stored data, and exfiltrated the data. The indictment doesn't reveal the degree of automation, or if it was more manually controlled (shell)."

Recent Breaches- We May Have All the Answers speculates on the platforms and attack methods.

Complete Story

Related Stories: