The recent Newegg code injection

Newegg was recently involved in the theft of customer credit card data between August 14th and September 18th (read more here and here). This was done by “Magecart”, a previously identified JavaScript code injection. After seeing what happened, I couldn’t help but think to myself that this all could have been prevented quite easily. I’ll explain.

Websites primarily consist of two main things: web files (PHP, ASP, HTML) and databases (MySQL, PostgreSQL, Oracle). This kind of attack involved the first of the two: it was a code injection into a site file.

Every file can be “hashed”: a mathematical calculation turns the bytes of a file into a kind of unique identifier for that file. This means that if anyone so much as added the letter “t” to a page, the hash would change completely. It wouldn’t be hard to generate hashes for all of your clean off-site files, upload those to the server, and run an hourly check on all files to make sure that no file’s hash has changed. If a hash did change, you’d know the website was compromised.

Just a thought about the next time you develop a web application with payment systems. Security should always come first.

– Captain Hindsight Away

Published by Goodlookinguy

Owner of NRGsoft, programmer, Japanese speaker, and UI aesthetics perfectionist.