I wrote some simple malware to steal credit card data and how that connects to a Texas data breach

OK, it was part of my Master's course, and it was an attack against a sandboxed, compromised server, and the malware, to be honest, would not last a moment in the real world with the current state of the art when it comes to protecting customer payment information. However, the basics were easy to code, and for it to work I just built a server and an e-commerce site and failed to install any patches or security.

This article from The Register looks at attacks that scrape credit card data from websites and applications that have been compromised because of a lack of security thinking in their design, coding and maintenance.

It is a US FBI warning, but if you have an e-commerce site that uses PHP, is it time you did some due diligence on the security of that site?

How crooks backdoor sites and scrape credit card info • The Register

This story segues nicely into the data breach at the Texas Department of Insurance (TDI), back in January, which exposed 1.8 million users' personal information.

Texas data breach exposes personal information of 1.8 million people – The Record by Recorded Future

It was announced this week that, after an investigation, this was not “a sophisticated attack” but a coding error that gave access to a part of the application that should have been secure and protected. The users were, of course, depending on said application being secure and on the operators and vendors of that application having carried out due diligence!

Their application is looking more like my university project.

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

Cyber Actors Scrape Credit Card Data from US Business’ Online Checkout Page and Maintain Persistence by Injecting Malicious PHP Code (ic3.gov)