Imperva attributes Guardian site hack to application level weaknesses
Amichai Shulman, Imperva's chief technology officer, said that the most eye-catching feature of the site hack is the use of the phrase 'sophisticated and deliberate attack.'
"Our experience shows that 'sophisticated attack' is usually a pseudonym for 'SQL Injection', although I must admit that an initial glimpse into the site hints that it may actually be a more sophisticated hack than the usual," he said.
"At the end of the day, however, I don't think that it's much more than SQL Injection, sophisticated or otherwise," he added.
"If it were a Trojan based attack (as happened in the TJX site hack - http://preview.tinyurl.com/ywdxf7) then they would have stated it by now and used a different wording like 'hackers who managed to break into the Guardian network.'"
According to Shulman, if, as seems likely, an SQL injection attack was to blame for the Guardian site hack, then tagging it as 'sophisticated' might be a bit misleading, though not uncommon.
Organisations, he explained, tend to attach superlatives to the attack techniques used in a compromise in order to diminish their own responsibility.
"The only positive thing one can say is that the Guardian is not itself to blame, as the BBC news report on the incident refers to a third party company supplying the service. This is small comfort to site users, however, who will now be worried about identity theft issues," he added.
For more on the Guardian site hack: http://preview.tinyurl.com/yfjectu
For more on Imperva: http://www.imperva.com