Recommended: System Errors? Click here to Fix your PC »
To-date, AT&T has not provided details about how the site was hacked, however someunconfirmed reports attribute the website being vulnerable to Cross Site Scripting(XSS).
This attack did not come without cost to AT&T. The company notified each customerby e-mail and is now working with law enforcement officials to track down thehacker. AT&T committed to pay for credit monitoring services to protect thosecustomers purchasing Digital Subscriber Line (DSL) equipment online from possiblefraud.
Assessing the security of a website
Websites with web applications such as shopping carts, forms, login pages anddynamic content, in general, are always a prime target for attack. To functionfully, web applications require open and direct access to backend databases: ifimproperly coded, web applications become easy gateways to social security numbers,credit card details and even medical records. Hackers experiment heavily with a widevariety of techniques to lay their hands on this type of data since the pay-offs areenormous.
Acunetix WVS protects against these attacks including Cross Site Scripting and SQLInjection vulnerabilities. Furthermore, Acunetix protects against the embedding ofJavascript malware in a web-page through its JavaScript Analyzer. Such protectionsecures all AJAX applications.
An automated check of AT&TÂ's website (using Acunetix WVS) could have prevented thisattack and saved the company from denting its reputation and the subsequent loss ofcustomer trust.
Acunetix provides free audit to help companies determine the security of their websites
Enterprises who would like to have their website security checked can register for afree audit by visiting www.acunetix.com/security-audi t. Participating enterpriseswill receive a summary audit report showing whether their website is secure or not.Summary reports will be delivered within five business days of submission.
About Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner ensures website security by automaticallychecking for SQL injection, Cross site scripting and other vulnerabilities. Itchecks password strength on authentication pages and automatically audits shoppingcarts, forms, dynamic content and other web applications. As the scan is beingcompleted, the software produces detailed reports that pinpoint wherevulnerabilities exist.
About Acunetix
Acunetix was founded to combat the alarming rise in web attacks. Its flagshipproduct, Acunetix Web Vulnerability Scanner, is the result of several years ofdevelopment by a team of highly experienced security developers. Acunetix is aprivately held company with headquarters based in Europe (Malta), a US office inSeattle, Washington and an office in London, UK. For more information aboutAcunetix, visit: http://www.acunetix.com; http://www.acunetix.de.
All product and company names herein may be trademarks of their respective owners.
For more information:Please email Tamara Borg: tamara@acunetix.comAcunetix Ltd: Tel: (+44) 0845 6126712; Fax: (+44) 0845 6126716.URL: http://www.acunetix.com.
