By a very weird coincidence, we became aware of one of the largest data breach incidents of all time on the same day as Obama's inauguration. The currently hyped conspiracy theory is that someone was hoping we would be too distracted to notice. The incident, which actually took place over the past year, resulted in tens of millions of credit and debit card transactions being compromised.
Working for a data security vendor, I should now throw out my usual company line telling you to beware of SQL Injection, Google Hacking and internal threats to your database. However, it seems that this one is one of the oldest tricks in the book.
Attackers managed to install a Trojan, probably a very simple one, on a server, where it collected all the transactions the server processed before they were sent to a database.
What I really think this attack reinforces is that information security is a layered effort, mitigating different risks in different layers of the protocol stack. In this case these should probably have been anti-malware, configuration change detection, and maybe some stricter outbound network access controls.
