Top 5 Causes of Data Compromises: Totally Preventable

Still playing catch-up, so this is a few days behind…

Saw a great blog post a couple of days back that talks about the US Chamber of Commerce’s findings about the top 5 causes of credit card data loss.  They include:

  1. Storage of magnetic stripe data
  2. Missing or outdated security patches
  3. Use of vendor supplied default settings and passwords
  4. SQL injection
  5. Unnecessary and vulnerable services on servers

Hrm… let’s take a look here.  Three of those (patches, vendor defaults, vulnerable services) are old-school infrastructure security no-nos.  Any organization should have had these bad practices solved a long time ago.  Storing data that you shouldn’t?  That is common sense-preventable.  And anybody who hasn’t scanned their applications for SQL injection is almost as irresponsible as the folks who don’t have their infrastructures in order.

Come on, folks.  We can do better.  Until basic stuff like this has been sorted out Internet-wide, we are not going to make progress against identity theft.

–Dan
dan _at_ denimgroup.com

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.