Released on = September 6, 2006, 6:25 am

Press Release Author = Tamara Borg / Acunetix

Industry = Software

Press Release Summary = Acunetix calls for regular website auditing to guard against
the loss of personal sensitive data through web vulnerabilities

Press Release Body = London, UK - 06 September, 2006 - Last weekend, hackers
pilfered the personal data of nearly 19,000 DSL equipment customers through a
vulnerability in AT&T's online store. The affected site was shut down within hours
of the attack being launched. In a statement, AT&T attributed the motive of the
attack to a criminal market for illegally obtained personal information. In fact,
the data also included customers' credit card details.

To-date, AT&T has not provided details about how the site was hacked, however some
unconfirmed reports attribute the website being vulnerable to Cross Site Scripting
(XSS).

This attack did not come without cost to AT&T. The company notified each customer
by e-mail and is now working with law enforcement officials to track down the
hacker. AT&T committed to pay for credit monitoring services to protect those
customers purchasing Digital Subscriber Line (DSL) equipment online from possible
fraud.

Assessing the security of a website

Websites with web applications such as shopping carts, forms, login pages and
dynamic content, in general, are always a prime target for attack. To function
fully, web applications require open and direct access to backend databases: if
improperly coded, web applications become easy gateways to social security numbers,
credit card details and even medical records. Hackers experiment heavily with a wide
variety of techniques to lay their hands on this type of data since the pay-offs are
enormous.

Acunetix WVS protects against these attacks including Cross Site Scripting and SQL
Injection vulnerabilities. Furthermore, Acunetix protects against the embedding of
Javascript malware in a web-page through its JavaScript Analyzer. Such protection
secures all AJAX applications.

An automated check of AT&T's website (using Acunetix WVS) could have prevented this
attack and saved the company from denting its reputation and the subsequent loss of
customer trust.

Acunetix provides free audit to help companies determine the security of their websites

Enterprises who would like to have their website security checked can register for a
free audit by visiting www.acunetix.com/security-audit. Participating enterprises
will receive a summary audit report showing whether their website is secure or not.
Summary reports will be delivered within five business days of submission.

About Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner ensures website security by automatically
checking for SQL injection, Cross site scripting and other vulnerabilities. It
checks password strength on authentication pages and automatically audits shopping
carts, forms, dynamic content and other web applications. As the scan is being
completed, the software produces detailed reports that pinpoint where
vulnerabilities exist.

About Acunetix

Acunetix was founded to combat the alarming rise in web attacks. Its flagship
product, Acunetix Web Vulnerability Scanner, is the result of several years of
development by a team of highly experienced security developers. Acunetix is a
privately held company with headquarters based in Europe (Malta), a US office in
Seattle, Washington and an office in London, UK. For more information about
Acunetix, visit: http://www.acunetix.com; http://www.acunetix.de.

All product and company names herein may be trademarks of their respective owners.

For more information:
Please email Tamara Borg: tamara@acunetix.com
Acunetix Ltd: Tel: (+44) 0845 6126712; Fax: (+44) 0845 6126716.
URL: http://www.acunetix.com.

Web Site = http://www.acunetix.com/news/att_hack.htm

Contact Details =
For more information:
Please email Tamara Borg: tamara@acunetix.com
Acunetix Ltd: Tel: (+44) 0845 6126712; Fax: (+44) 0845 6126716.
URL: http://www.acunetix.com.