sql injection - News, Features, and Slideshows

News

• Telstra reveals Pacnet security breach

  An SQL injection attack allowed third party access to Pacnet’s corporate IT network on 3 April, less than a fortnight before the company's sale to Telstra was finalised on 16 April, the telco revealed today.

• Enterprise security testing: What are you missing?

  For all the advances in enterprise networking over the years there's been one big step backward: security testing. Relatively few enterprises today conduct regular security tests in-house, relying instead on occasional tests by outside consultants or, more dangerously, just taking vendor claims at face value.

• Massive SQL injection attack has comprised nearly 200,000 ASP.Net sites

  Hackers are in the midst of a massively successful SQL injection attack targeting websites built on Microsoft's ASP.Net platform. About 180,000 pages have been affected so far, <a href="http://www.networkworld.com/topics/security.html">security</a> researchers say.

• Cereal hacker on defacement rampage

  The websites of Kellogg’s, Nutri-Grain, Vogel’s and Specialty Cereals were hit in a string of mass defacements on Sunday.

• Western Australian Government websites defaced by hackers

  The Western Australian Government came under attack from hackers who defaced nine of its websites in two days, including the Government House and the City of Perth earlier this month.

• Opinion: Why application-layer defenses belong in the applications

  I know that chances are no one rushed to remove all SQL injection vulnerabilities from their Web applications after I warned in my column last month how serious they can be.

• SQL injection attacks led to massive data breaches

  This week's disclosure that the huge data thefts at Heartland Payment Systems and other retailers resulted from SQL injection attacks could finally push retailers into paying serious attention to Web application security vulnerabilities, just as the breach at TJX focused attention on wireless issues.

• Mozilla quashes first critical bug in Firefox 3.5, beats Microsoft to patch punch

  Mozilla last week issued the first patch for Firefox 3.5, fixing a flaw that went public Monday. One noted contributor had called the flaw a "self-inflicted" vulnerability.

• Classification board Web site hacked

  The Office of Film and Literature Classification Web site has been defaced by what appears to be a group opposed to the government censorship.
  

• Business process flaws seen posing security risks

  Running a secure Web site means more than just guarding against cross-site scripting and SQL injection attacks. Flaws in the business processes that underlie Web sites can also present serious security risks, the CTO of a Web security company said Thursday.

• Hacker claims SQL bug on Symantec site

  A Romanian hacker who has spent the past few weeks exposing a common, but dangerous, Web programming error on security vendors Web sites says he's found a SQL injection flaw on Symantec's Web site. But Symantec says it's not a security issue.

• BusinessWeek turned into malware playground

  The website of BusinessWeek magazine has suffered a major SQL injection attack in recent days that left it hosting malware from hundreds of its pages, Sophos has reported.