Getting Started - Implementing Database Security and Auditing

Databases Reference

In-Depth Information

while officials declined to state which vendor's database was the sub-

ject of the attack they did report that it was a “commercially available

product with a known vulnerability that was exploited.”

In Jan 2005 the following was reported by Security Focus (http://

www.securityfocus.com/news/10271):

A sophisticated computer hacker had access to servers at wireless

giant T-Mobile for at least a year, which he used to monitor U.S.

Secret Service e-mail, obtain customers' passwords and Social Secu-

rity numbers, and download candid photos taken by Sidekick users,

including Hollywood celebrities, SecurityFocus has learned… by late

July [of 2004] the company had confirmed that the offer was genu-

ine: a hacker had indeed breached their customer database

The answer to the second set of questions—why now?—is a conver-

gence of several factors—almost a “perfect storm.” True, the database has

been around for a long time, but the following trends are dominating the

last few years:

E-commerce and e-business

New and wonderful ways to use databases

Increased awareness among the hacker community

Widespread regulations that pertain to IT and to security

E-commerce and e-business have changed the way we live. We buy from

online retailers, we pay our utility bills using online banking sites, and

more. Businesses have optimized their supply chains and use Customer

Relationship Management (CRM) software to manage relationships with

their clients. In doing so, systems have become much “closer” to each other

and much “closer” to the end users. Sure, we use firewalls to secure our net-

works and we don't connect databases directly to the Internet, but you'll see

in Chapter 5 that there is more than one way to skin a cat and that data-

bases are far more exposed than they used to be. Ten years ago the database

was accessed by applications that were only available to internal employees.

Now it is (indirectly through the application) accessed by anyone who has

access to the Web site (i.e., everyone in the world).

Search WWH ::

Custom Search

Home