Visa, Chamber Of Commerce Identify Vulnerabilities



Doug Caverly
Staff Writer
2006-09-19


A recent report from Visa - available on the U.S. Chamber of Commerce's website - identified the "top five data security vulnerabilities leading to compromises." In addition to giving a brief description of each threat, the report weighed "risk impact," and offered "risk mitigation strategies."

Number one on the list was the "storage of track data (and other sensitive data)." "Track data is the information encoded and stored on two tracks located within the magnetic stripe on the back of a Visa card," the report explained. "Unfortunately, many merchants and service providers may be unknowingly storing this data . . ."

"Missing or outdated security patches" was given as the second security issue. "The timely application of security patches is key to managing this vulnerability . . . . Merchants should establish software upgrade policies and procedures to ensure patches are reviewed and installed in a timely manner."

Next up: "vendor-supplied default settings and passwords." "The default settings and passwords used to access hardware and software are easily guessed and often are well publicized in hacker chat rooms," the report stated. It recommended changing them "prior to deployment into production."

Fourth on the list was "SQL Injection," "a technique used to exploit Web-based applications by using client-supplied data in SQL queries." It is, essentially, a very bad thing that "can result in the crippling of the payment application or an entire e-commerce site." A number of tips for mitigating this risk followed the description.

"Unnecessary and vulnerable services on servers" was designated number five. "All necessary services or applications should be patched or secured," the report advised. "Any and all unused services or applications should be completely disabled or removed from all production environments. Disabling unnecessary services may also increase the system performance and improve stability . . ."

About the Author:
Doug is a staff writer for SecurityProNews, InternetFinancialNews, SearchNewz, and WebProNews.
