Blog Posts Tagged with "SQL Injection"


Password Hash: It's Okay to Inhale...

July 18, 2011 Added by:Vulcan Mindm3ld

The recent IRC Federal and HBGary SQL injection vulnerabilities allowed attackers access to a username/password table stored in the database. IRC Federal's “experts” simply stored unencrypted passwords while HBGary's “expert” third-party developers implemented unsalted, non-iterated MD5...

Comments  (4)


Federal Contractor IRC Federal Hit by AntiSec Hackers

July 11, 2011 Added by:Headlines

"They brag about their multi-million dollar partnership with the FBI, Army, Navy, NASA, and the DoJ, selling out their "skills" to the US empire. So we laid nuclear waste to their systems... dropping their databases and private emails, and defaced their professional looking website..."

Comments  (1)


Mitigating Injection Attacks

July 07, 2011 Added by:kapil assudani

The developer's job gets easier since if he/she is working on an independent code that is a module for the master code, the variable type is identified and hence corresponding input validation / output encoding technique automatically gets applied through the framework...

Comments  (0)


Risk Management and Compliance – Finally Coming Together?

July 07, 2011 Added by:Neira Jones

Compliance is about providing evidence that controls are in place and is a tactical exercise to ensure business continuity. However, it is not inherently risk aware or economically sensitive. Too much emphasis on compliance can actually increase risk by giving a false sense of security...

Comments  (0)


What the CISSP Won't Teach You - Part Trois

July 05, 2011 Added by:Boris Sverdlik

A dedicated attacker will not scour pastebin to get your password, although “inurl: password” used to be a common attack vector. More common amongst the dedicated attacker is getting as much background information as possible as an attacker builds the dossier on their target...

Comments  (0)


Google is Your Friend - If You're a Lulzer

June 29, 2011 Added by:Kevin McAleavey

There are exploit GUIs readily available for PostgreSQL, MSSQL and Oracle as well as lesser and older databases. If it's there, and they can find it, and they can talk to it, and you're not properly filtering what can get to it, your site could very well be the next breaking news story...

Comments  (5)


Is Your Website at Risk from LulzSec?

June 23, 2011 Added by:Kevin McAleavey

There is no excuse for your facility to provide the next round of "lulz." By examining your ability to withstand DDoS attacks and checking your SQL backend against exploits, you stand a chance of withstanding the onslaught of raging children should they turn their "cannons" your way...

Comments  (10)


Avoiding The Next Big Data Breach

June 21, 2011 Added by:Alexander Rothacker

It’s incumbent on the individuals that are responsible for the security of the data to ride this wave of activity, raise awareness, and move their security projects forward. There is no reason these large breaches should be occurring, not when the solutions already exist...

Comments  (0)


SMBs Face Growing Threat from Mass Meshing Attacks

June 17, 2011 Added by:Headlines

"Because they can do it at such a precise level, when they attack they don't just inject a single malicious script like in mass SQL injections. They inject a backdoor, which allows them total control of all the files on the website..."

Comments  (0)


Citigroup: Housekeeping Isn’t Glamorous - Only Critical

June 12, 2011 Added by:Mike Meikle

Development for online banking software is handled offshore, which can be a challenge when it comes to infusing the application with information security best practices from the foundation up. As to what Citigroup could have done better, it depends on how the breach was perpetrated...

Comments  (2)


Believe It or Not: Hackers Hit Sony Networks Again

June 03, 2011 Added by:Headlines

" was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities... From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"

Comments  (0)


Web Application Attack and Audit Framework 1.0 Released

June 03, 2011 Added by:Headlines

"w3af, is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more..."

Comments  (0)


Sony's Catastrophic Security Problem - The End Game

May 26, 2011 Added by:Rafal Los

Hacking incidents tend to have a short-term impact on a business and rarely impact the long-term viability of a large organization. What I suspect may happen here is an event or exfiltration of data so catastrophic that it may actually impact Sony's long-term viability...

Comments  (2)


SQL Injections In Stored Procedures

May 25, 2011 Added by:Alexander Rothacker

This post discusses how SQL injection in stored procedures could be exploited in Microsoft SQL Server, Oracle, and Sybase ASE databases. SQL injection is an attack that allows an unprivileged user to execute SQL code with elevated privileges due to a bug in the input sanitation...

Comments  (0)


Anonymous Launches DDoS Attack on

May 24, 2011 Added by:Headlines

At the time of this article's publication, the U.S. Chamber website was experiencing intermittent downtime. Anonymous now seems to be probing the systems for other vulnerabilities, such as susceptibility to a SQL-based attack...

Comments  (0)


Hacker Offers Insight On Sony PSN Breach

May 19, 2011 Added by:Headlines

"The depths they went indicates that this hack wasn't arbitrary... It seems likely to me that Sony got attacked through its web services first, such as the blog, and it opened up the doors to the rest of Sony's servers..."

Comments  (0)
