
eBay Hacked Through Old Code

eBay was hacked last week, according to Ars Technica, and the attacker took advantage of some old code that was left on a server:

A hacker infiltrated an eBay server and disabled accounts of several members on Friday. Representatives of eBay say that the hacker used vestigial components of an old eBay administrative system that has long been unused. The code exploited by the hacker has since been taken down, and eBay claims that no financial information was exposed.

Having a process for decommissioning software is just as important as having one for hardware, as this incident shows. The problem is, how many companies do it well enough to avoid this kind of breach?

It's one thing to decommission hardware: you can trip over a server or a workstation. Software isn't so obvious. (A decommissioned 1U server in a rack in a room filled with racks isn't so obvious either, but that's another story.)

Full software life cycle management helps here as do controls like COBIT. This is one of those cases where security isn't so much about "security" as it is about housekeeping.
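The housekeeping control described above can be made mechanical: reconcile what is actually deployed on a host against the approved software inventory and flag anything that is unlisted or has sat idle past a threshold. The following is an added example, not code from the original post or from eBay; the component names, paths, timestamps and inventory are constructed, and the 180-day idle threshold is an assumed policy value.

```python
"""Reconcile deployed components against an approved software inventory.

Added example (not from the original post). Flags components that are present on a
server but absent from the inventory, or approved but idle beyond a threshold, so
they can be queued for decommissioning review instead of lingering as forgotten code.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Deployment:
    name: str                # component name as seen on the host
    path: str                # where it lives on disk
    last_modified: datetime  # newest file mtime under that path
    last_accessed: datetime  # newest request/log timestamp for the component


@dataclass(frozen=True)
class Finding:
    deployment: Deployment
    reason: str


def find_decommission_candidates(deployed, inventory, now, max_idle_days=180):
    """Return deployments that are unlisted in `inventory` or idle too long.

    `inventory` maps component name -> owning team. Names are compared
    case-insensitively so a casing mismatch between a server config and the
    inventory spreadsheet does not hide an orphaned component.
    """
    approved = {name.lower(): owner for name, owner in inventory.items()}
    idle_cutoff = now - timedelta(days=max_idle_days)
    findings = []
    for d in deployed:
        owner = approved.get(d.name.lower())
        if owner is None:
            # Nobody claims this component: prime decommissioning candidate.
            findings.append(Finding(d, "not in approved inventory"))
        elif d.last_accessed < idle_cutoff:
            # Approved but unused: ask the owner whether it can be retired.
            findings.append(
                Finding(d, f"idle since {d.last_accessed:%Y-%m-%d}, owner {owner}")
            )
    return findings


# Constructed sample data (assumed values, not from any real host).
NOW = datetime(2024, 6, 1)
SAMPLE_DEPLOYED = [
    Deployment("storefront", "/srv/www/storefront",
               NOW - timedelta(days=2), NOW - timedelta(days=1)),
    Deployment("admin-legacy", "/srv/www/admin_v1",
               NOW - timedelta(days=900), NOW - timedelta(days=400)),
    Deployment("reports", "/srv/www/reports",
               NOW - timedelta(days=30), NOW - timedelta(days=200)),
]
SAMPLE_INVENTORY = {"Storefront": "web-team", "reports": "finance-it"}


def sample_findings():
    """Run the reconciliation over the constructed sample data."""
    return find_decommission_candidates(SAMPLE_DEPLOYED, SAMPLE_INVENTORY, NOW)


if __name__ == "__main__":
    for f in sample_findings():
        print(f"{f.deployment.name:14s} {f.deployment.path:24s} {f.reason}")
```

In practice the `Deployment` records would be built from the web server's virtual-host or application-server configuration plus access logs, and the inventory from whatever asset register the organisation keeps; the point is that the comparison runs on a schedule rather than depending on someone remembering that an old administrative system still exists.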


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net