Webmaster rambling and mental notes
Half a Million Microsoft-Powered Sites Hit With SQL Injection
4/29/2008

Titus Germanicus writes to tell us that a recent attack has compromised roughly 500,000 pages with a SQL injection attack. The vulnerability seems to be limited to Microsoft's IIS webserver and is easily defeated by the end user with Firefox and "NoScript". "The automated attack takes advantage of the fact that Microsoft's IIS servers allow generic commands that don't require express table-level arguments. However, the vulnerability is the result of poor data handling by the sites' creators, rather than an express Microsoft flaw. In other words, there's no patch that's going to fix the issue; the problem is with the developers who failed to follow well-established security practices for handling database input. The attack itself injects some malicious code into every text field in your database, which then loads an external script that can compromise a user's PC." Ignoring some spin-doctoring, there seems to be plenty of blame to go around.
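For site owners checking whether their own data was touched, here is an added example (not from the original post or from Slashdot) that walks every text column of every table and reports rows containing a `<script>` tag that loads from a host outside an allow-list. It assumes an in-memory SQLite database as a stand-in for the site's real database; the table names, host names and function names are constructed for illustration.

```python
import re
import sqlite3

# Matches a <script> tag whose src is an absolute or protocol-relative URL; group 2 is the host.
SCRIPT_SRC = re.compile(r"<script[^>]*\bsrc\s*=\s*[\"']?(https?:)?//([^/\"'\s>]+)", re.I)

def quote_ident(name):
    return '"' + name.replace('"', '""') + '"'

def find_injected_scripts(conn, allowed_hosts=frozenset()):
    """Return sorted (table, column, rowid, host) for each external script tag found."""
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        cols = [r[1] for r in conn.execute(f"PRAGMA table_info({quote_ident(table)})")
                if any(t in (r[2] or "").upper() for t in ("CHAR", "TEXT", "CLOB"))]
        for col in cols:
            query = (f"SELECT rowid, {quote_ident(col)} FROM {quote_ident(table)} "
                     f"WHERE {quote_ident(col)} LIKE '%<script%'")
            for rowid, value in conn.execute(query):
                for m in SCRIPT_SRC.finditer(value):
                    host = m.group(2).lower()
                    if host not in allowed_hosts:
                        hits.append((table, col, rowid, host))
    return sorted(hits)

def build_sample_db():
    """Constructed sample data: two tables, with a script tag appended to some text fields."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title VARCHAR(200), body TEXT, views INTEGER);
        CREATE TABLE comments (id INTEGER PRIMARY KEY, author VARCHAR(50), text TEXT);
    """)
    tag = '<script src="http://injected.example/x.js"></script>'
    conn.executemany("INSERT INTO articles (title, body, views) VALUES (?, ?, ?)", [
        ("Welcome" + tag, "First post." + tag, 10),
        ("Stats", '<script src="https://cdn.site.example/stats.js"></script>', 3),
    ])
    conn.executemany("INSERT INTO comments (author, text) VALUES (?, ?)", [
        ("alice", "Nice article"),
        ("bob" + tag, "I agree" + tag),
    ])
    return conn

if __name__ == "__main__":
    for hit in find_injected_scripts(build_sample_db(), {"cdn.site.example"}):
        print(hit)
```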

Read more of this story at Slashdot.



Mark
