SQL injection

RSS

Year of the High-Profile Hack taught web developers nothing about security

Posted December 8, 2011 - 3:36 pm

Security vendor Veracode tightened up its criteria to judge which web applications are secure, but still found an appalling number of new web apps built and posted without elementary precautions to plug security holes that allowed hackers to make headlines all this year.
- Quick Read
- 1 comment
- Like
- Tweet
Hackers come out of shadows to attack police, support Occupy protests

Posted October 28, 2011 - 12:11 pm

Members of hacktivist group Anonymous took center stage in the Occupy Wall Street protests this week, taking down the Oakland PD site in retaliation for Tuesday's violent anti-protest, calling for for more attacks on police sites and a citywide general strike Nov. 2.
- Quick Read
- Like
- Tweet
Powerful, simple new mass SQL injection attack opens 180K sites

Posted October 24, 2011 - 3:16 pm

A short SQL injection exploit has infected 180,000 servers, making each vulnerable to anyone who knows what to look for -- a set of potential victims whose browsers can be redirected easily to any site, holding any malware, the attacker wishes.
- Quick Read
- Like
- Tweet
Sony finally hires new IT security chief

Posted September 6, 2011 - 10:46 am

Sony announced today it has hired a new VP and chief security officer: Philip Reitman, whose impressive resume includes time as a prosecutor, bureaucrat, upper level manager of large organizations, but little experience working inside a company to make sure its sites are secure.
- Quick Read
- Like
- Tweet
New version of hack platform automates attacks, keeps database of best tools

Posted July 28, 2011 - 11:00 pm

The most popular open-source-turned-commercial hacking tool gets impressive new abilities to store, recall and integrate exploits for many different systems.
- Quick Read
- Like
- Tweet
Sony CEO gives reason for data breaches: Bad people don't like how responsible we are

Posted June 30, 2011 - 12:00 pm

Stringer: the 2nd-largest data breach in history was prompted by Sony suits against customers who mod its game console, not laughable security, poor management and ineffective response.
- Quick Read
- Like
- Tweet
Forget cops; other hackers are taking down LulzSec and Anonymous

Posted June 22, 2011 - 10:24 am

Law enforcement in at least three countries are actively pursuing LulzSec, but the biggest damage so far has been done by other hackers fed up with LulzSec grandstanding.
- Quick Read
- Like
- Tweet
Sony is only No. 2 in all-time-largest data breach, despite bad security, weak passwords

Posted June 14, 2011 - 11:12 am

As at other breached sites, Sony customers used short, simple passwords that could be cracked easily; if Sony hadn't stored them as plain text that could be read without even that much effort.
- Quick Read
- Like
- Tweet
At EEE, will Sony admit 'Crack my Network' has become its most popular game?

Posted June 6, 2011 - 9:48 am

Nintendo admits it was also hacked, but the list of Sony breaches keeps getting longer; what do you think it will talk about at EEE, the annual videogame-fest in LA this week?
- Quick Read
- Like
- Tweet
Hacks make Internet look lawless, but security just hasn't caught up to spear-phishers yet

Posted June 3, 2011 - 11:09 am

Data breaches shake confidence in the cloud, blaming it for security gaps between new technology, old security policies and a human tendency toward trust. Fix that and you're golden.
- Quick Read
- Like
- Tweet
New pwnage shows Sony broke promises to fix its security

Posted June 3, 2011 - 9:58 am

LulzSec hits Sony with the same simple SQL injections that cracked it the last time(s); Sony didn't even encrypt usernames or passwords, which are now safely posted on a public site.
- Quick Read
- 1 comment
- Like
- Tweet
More hacks show Sony hasn't figured out what 'fix your security' actually means

Posted May 26, 2011 - 9:14 am

The list of major Sony data breaches is approaching double digits, all apparently due to SQL attacks against flaws it should have fixed on all its sites after it got pwned the first time.
- Quick Read
- Like
- Tweet
Giant April Fool's day Web attack has little effect?

Posted April 4, 2011 - 12:13 pm

A SQL injection attack that infected millions of Web pages could have been prevented relatively cheaply and easily; why are so many Web sites unprotected?
- Quick Read
- Like
- Tweet
Websense: Massive cyber attack hits 1.5 million sites

Posted April 1, 2011 - 8:01 am

Security vendor Websense reports an SQL injection attack that has spread to more than 1.5 million web sites and shows no sign of stopping.
- Quick Read
- Like
- Tweet
Tool review: Netsparker

Posted September 7, 2010 - 10:10 am

Especially effective at finding SQL injections and cross-site issues, Netsparker is one web application scanner you should add to your toolchest.
- Quick Read
- Like
- Tweet
SQL Injection, Active X on decline: IBM X-Force

Posted March 15, 2010 - 4:03 pm

IBM's X-Force 2009 Trend and Risk report shows an 11 per cent drop in discovered vulnerabilities compared to 2008, including a decline in the largest categories like SQL Injections and ActiveX.
- Quick Read
- Like
- Tweet
Web-application errors pose danger to enterprises

Posted November 12, 2009 - 5:13 pm

A majority of Web sites have at least one major security issue that could be used by hackers for fraud-related purposes, according to a new survey.
- Quick Read
- Like
- Tweet
Is Your Web Site Under Attack?

Posted October 26, 2009 - 6:24 pm

If you have a web site, the answer is undoubtedly "yes". Someone somewhere or, more likely, quite a few someones are attempting to attack your site or the system on which it is running. Assuming hackers have found your site and are testing it for holes that they might crawl through, let's take a look at how you can uncover evidence of their exploits with a quick examination of your web logs.
- Quick Read
- 4 comments
- Like
- Tweet
Hijacked Web sites attack visitors

Posted October 19, 2009 - 3:17 pm

Here's the scenario: Attackers compromise a major brand's Web site. But instead of stealing customer records, the attacker installs malware that infects the computers of thousands of visitors to the site. The issue goes unnoticed until it's exposed publicly.
- Quick Read
- Like
- Tweet
Opinion: Why application-layer defenses belong in the applications

Posted October 18, 2009 - 9:12 pm

Intrusion-detection tools might seem up to the job of stopping SQL injection attacks, but they aren't.
- Quick Read
- Like
- Tweet
Internet Security: Patch your apps now!

Posted September 15, 2009 - 3:47 am

A report from the SANS Institute shows that it is all about unpatched applications, not the underlying operating systems. Most of the observed attacks have come from older, weaker apps and well known Internet vulnerabilities.
- Quick Read
- 1 comment
- Like
- Tweet
Web App Firewalls: How to Evaluate, Buy, Implement

Posted June 15, 2009 - 9:07 am

Application-layer attacks bypass standard perimeter defenses. Here's how to evaluate firewalls that screen web app traffic.
- Quick Read
- Like
- Tweet
Hacker claims SQL bug on Symantec site

Posted February 19, 2009 - 3:14 pm

Symantec is the latest company to fall prey to a Romanian hacker who has been finding SQL injection bugs in security sites.
- Quick Read
- 1 comment
- Like
- Tweet
Thousands hit in broad Web hack

Posted November 7, 2008 - 9:12 pm

Kaspersky warns that as many as 10,000 Web sites have been compromised in a mass Web attack.
- Quick Read
- Like
- Tweet
Kaspersky says hacking attack did no damage

Posted July 22, 2008 - 2:55 pm

The defacement of one of Kaspersky Lab's partner Web sites over the weekend occurred while the site was under construction and offered no data to steal, a senior company official said Tuesday.
- Quick Read
- Like
- Tweet

Free downloads.
Become an today.

content

Ask a Question

SQL injection

Free downloads.Become an today.

News

News

News

Marketplace

Sponsored Links

The IDG Network

Free downloads.
Become an today.