Blog Posts Tagged with "SQL Injection"

Password Hash: It's Okay to Inhale...

July 18, 2011 Added by: Vulcan Mindm3ld

The recent IRC Federal and HBGary SQL injection vulnerabilities allowed attackers access to a username/password table stored in the database. IRC Federal's “experts” simply stored unencrypted passwords while HBGary's “expert” third-party developers implemented unsalted, non-iterated MD5...

Comments  (4)

Federal Contractor IRC Federal Hit by AntiSec Hackers

July 11, 2011 Added by: Headlines

"They brag about their multi-million dollar partnership with the FBI, Army, Navy, NASA, and the DoJ, selling out their "skills" to the US empire. So we laid nuclear waste to their systems... dropping their databases and private emails, and defaced their professional looking website..."

Comments  (1)

Mitigating Injection Attacks

July 07, 2011 Added by: kapil assudani

The developer's job gets easier since, if he/she is working on independent code that is a module for the master code, the variable type is identified and hence the corresponding input validation / output encoding technique automatically gets applied through the framework...

Comments  (0)

Risk Management and Compliance – Finally Coming Together?

July 07, 2011 Added by: Neira Jones

Compliance is about providing evidence that controls are in place and is a tactical exercise to ensure business continuity. However, it is not inherently risk aware or economically sensitive. Too much emphasis on compliance can actually increase risk by giving a false sense of security...

Comments  (0)

What the CISSP Won't Teach You - Part Trois

July 05, 2011 Added by: Boris Sverdlik

A dedicated attacker will not scour pastebin to get your password, although “inurl: password” used to be a common attack vector. More common amongst the dedicated attacker is getting as much background information as possible as an attacker builds the dossier on their target...

Comments  (0)

Google is Your Friend - If You're a Lulzer

June 29, 2011 Added by: Kevin McAleavey

There are exploit GUIs readily available for PostgreSQL, MSSQL and Oracle as well as lesser and older databases. If it's there, and they can find it, and they can talk to it, and you're not properly filtering what can get to it, your site could very well be the next breaking news story...

Comments  (5)

Is Your Website at Risk from LulzSec?

June 23, 2011 Added by: Kevin McAleavey

There is no excuse for your facility to provide the next round of "lulz." Examining your ability to withstand DDoS attacks and checking your SQL backend against exploits, you stand a chance of withstanding the onslaught of raging children should they turn their "cannons" your way...

Comments  (10)

Avoiding The Next Big Data Breach

June 21, 2011 Added by: Alexander Rothacker

It’s incumbent on the individuals that are responsible for the security of the data to ride this wave of activity, raise awareness, and move their security projects forward. There is no reason these large breaches should be occurring, not when the solutions already exist...

Comments  (0)

SMBs Face Growing threat from Mass Meshing Attacks

June 17, 2011 Added by: Headlines

"Because they can do it at such a precise level, when they attack they don't just inject a single malicious script like in mass SQL injections. They inject a backdoor, which allows them total control of all the files on the website..."

Comments  (0)

Citigroup: Housekeeping Isn’t Glamorous - Only Critical

June 12, 2011 Added by: Mike Meikle

Development for online banking software is handled offshore, which can be a challenge when it comes to infusing the application with information security best practices from the foundation up. As to what Citigroup could have done better, it depends on how the breach was perpetrated...

Comments  (2)

Believe It or Not: Hackers Hit Sony Networks Again

June 03, 2011 Added by: Headlines

"SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities... From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"

Comments  (0)

Web Application Attack and Audit Framework 1.0 Released

June 03, 2011 Added by: Headlines

"w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (XSS), local and remote file inclusion and much more..."

Comments  (0)

Sony's Catastrophic Security Problem - The End Game

May 26, 2011 Added by: Rafal Los

Hacking incidents tend to have a short-term impact on a business and rarely impact the long-term viability of a large organization. What I suspect may happen here is an event or exfiltration of data so catastrophic that it may actually impact Sony's long-term viability...

Comments  (2)

SQL Injections In Stored Procedures

May 25, 2011 Added by: Alexander Rothacker

This post discusses how SQL injection in stored procedures could be exploited in Microsoft SQL Server, Oracle, and Sybase ASE databases. SQL injection is an attack that allows an unprivileged user to execute SQL code with elevated privileges due to a bug in the input sanitation...

Comments  (0)

Anonymous Launches DDoS Attack on USChamber.com

May 24, 2011 Added by: Headlines

At the time of this article's publication, the U.S. Chamber website was experiencing intermittent downtime. Anonymous now seems to be probing the systems for other vulnerabilities, such as susceptibility to a SQL-based attack...

Comments  (0)

Hacker Offers Insight On Sony PSN Breach

May 19, 2011 Added by: Headlines

"The depths they went indicates that this hack wasn't arbitrary... It seems likely to me that Sony got attacked through its web services first, such as the blog, and it opened up the doors to the rest of Sony's servers..."

Comments  (0)
