maravis.com

Being President of the United States certainly has it perks for Obama. He already got a brand new set of wheels with all the hi-tech gear. We all know that he is very keen on his BlackBerry phone. He has been photographed with it so many times during the election campaign. But an ordinary phone can be a security risk. It can be hacked and its contents viewed, communications intercepted or its location identified. So, he is getting a new phone. And not just any phone.

Well, there has been another huge data breach. This time, it is Heartland Payment Systems, a provider of credit and debit card processing services. And the size of the breach is staggering: at least 100 million cards. This is more than double the TJMaxx breach which resulted in about 45 million cards being compromised.

In every web application security training class that I conduct, I keep repeating that programmers can eliminate a lot of security issues by doing two things:

1. Validate all input properly
2. Prevent information leakage, primarily by properly handling exceptions and giving out generic error messages.

This is based on my experience performing penetration tests on web applications since 2001. While my advice is based on my observations, I did not document the data to back this up. Now, the data has been provided by a third-party.