Dozens of College Servers Breached by SQL Injection

by Eric C

Not only are the design and performance of databases important aspects of the way databases work, but so is the security of a database. There are many types of attacks that can be carried out against a database, and the most common is SQL injection. According to a news article from CNET, hackers were able to collect thousands of personal records of students from college databases worldwide through the use of SQL injection. More than fifty universities were affected, and some of the top-name colleges include Harvard, Princeton, and Stanford. To make matters worse, some 140,000 records were posted online for all to download. The information includes usernames and passwords, addresses, phone numbers, and some payroll information regarding both students and faculty. The mastermind behind this data dump is apparently a group called GhostShell, whose intent was not to reveal personal data but to “focus on higher education.” However, the group not only found personal data, but also discovered that malware had already been injected in the first place, showing the security risks many of these database servers have.

Protecting Against Data Breaches

by Alexander V

The article is about Application Security, Inc.’s (AppSecInc) DbProtect Precision DAM (Database Activity Monitoring) software. AppSecInc is a leading provider of database security solutions that introduced its DbProtect Precision DAM software in response to the recent rise in breaches of database security. This software was designed to be low-maintenance and easy to use, addressing the main reason why many organizations do nothing to prevent security breaches: complexity. According to the article, a recent survey conducted at the 2011 Gartner Security & Risk Management Summit found that more than 90% of attendees had high-profile breaches similar to Sony and only 23% took preventative measures. In addition to that, the article states that Verizon’s 2010 Data Breach Report showed that 96% of breaches could have been easily avoided. Josh Saul, the CTO of AppSecInc, states that thieves thrive off the inactivity of organizations in preventing data breaches. DbProtect Precision DAM provides efficient and effective monitoring based on user-defined policies such as “reduction in the scope of required database activity monitoring” and “reduced risk of data loss.” The software also “allows organizations to monitor for deviations from normal authorized activity”; examples include monitoring privileged user activities and new avenues of attack.