THE RETAIL BULLETIN - The home of retail news
Durex India data breach – they should have used protection says Imperva


A reported data breach at a Web site selling Durex condoms in India, with customers' details publicly available on the Internet, appears to be the result of business logic flaws.

“Web application hackers are focusing more and more on attacks that target vulnerabilities in the business logic, rather than in the application code,” explained Imperva CTO Amichai Shulman.  “Business logic attacks often remain undetected.  In fact, most business logic vulnerabilities are hard to anticipate and detect using automated test tools, such as static code analyzers and vulnerability scanners. Often, attack traffic resembles normal application traffic. Attacks are usually not apparent from code and are too diverse to be expressed through generic vulnerability scanner tests.”

“With the new Data Protection Act penalties just days away from being implemented by the Information Commissioner’s Office in the UK, and other regulators around the world adopting similar ‘get tough’ policies, it looks like data breaches need to look beyond basic vulnerabilities such as SQL injections,” said Shulman.

 

“As we’ve said in our various reports on the subject of Web site attacks, it’s always amazing that companies don’t think their site defences will be probed by increasingly sophisticated hackers, let alone inquisitive Internet users,” he added.

According to Shulman, the Durex Indian Web site security lapse was almost certainly the result of a simple logic attack using a technique known as parameter enumeration. 
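Parameter enumeration means stepping through the values of a request parameter, such as a numeric record ID, so that each request looks like ordinary traffic. The sketch below is an added example, not code from the article or from Imperva: it flags clients that request many consecutive IDs, and the endpoint `/order/view`, the parameter `order_id`, the thresholds and the sample requests are all assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample requests as (client_ip, url); not data from the incident.
SAMPLE_REQUESTS = (
    [("198.51.100.7", f"/order/view?order_id={n}") for n in range(1000, 1040)]
    + [("203.0.113.5", "/order/view?order_id=2217"),
       ("203.0.113.5", "/order/view?order_id=2217"),
       ("203.0.113.9", "/order/view?order_id=3051"),
       ("203.0.113.9", "/order/view?order_id=3060"),
       ("203.0.113.9", "/catalogue?page=2")]
)

def find_enumerators(requests, path="/order/view", param="order_id",
                     min_distinct=20, min_adjacent_ratio=0.8):
    """Return {client: distinct_id_count} for clients walking through IDs.

    Each request is valid on its own; the signal is one client asking for
    many different identifiers, most of them adjacent to each other.
    The path, parameter name and thresholds are hypothetical defaults.
    """
    ids_by_client = defaultdict(set)
    for client, url in requests:
        parts = urlsplit(url)
        if parts.path != path:
            continue
        for value in parse_qs(parts.query).get(param, []):
            if value.isdecimal():
                ids_by_client[client].add(int(value))

    flagged = {}
    for client, ids in ids_by_client.items():
        # At least two IDs are needed before adjacency can be measured.
        if len(ids) < max(min_distinct, 2):
            continue
        ordered = sorted(ids)
        adjacent = sum(1 for a, b in zip(ordered, ordered[1:]) if b - a == 1)
        if adjacent / (len(ordered) - 1) >= min_adjacent_ratio:
            flagged[client] = len(ids)
    return flagged

if __name__ == "__main__":
    for client, count in find_enumerators(SAMPLE_REQUESTS).items():
        print(f"{client}: {count} distinct order IDs requested in sequence")
```

Detection of this kind complements, and does not replace, a server-side check that the requesting user is authorised to see each record.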

Organisations that fail to take seriously security for their Web sites and allied Internet services, he explained, will inevitably suffer from attacks of this type, which can be an expensive option on the regulatory front, as well as when lawsuits come knocking at their door.

“And the fall-out from this saga is that the company has now been severely embarrassed internationally, and that’s before any legal or regulatory action is involved,” he said.

“Companies need to wake up and smell the coffee when it comes to Web site security. A failure to make a modest investment at the development and implementation stages can result in considerably more cost – and damage to reputation – in the longer term,” he added.
