Fancy shooting up a SQL injection?

Via haiku, this from Troy Hunt:

You know what really strikes me about a lot of the hacks we’ve seen lately? It just seems too easy. I mean we’re seeing a huge number of attacks (an unprecedented number, by some figures) and all too often the perpetrator is a kid. I don’t mean that in a relative sense to myself as I get older, I mean literally a child.

The problem, of course, is that many of these “hacks” have become simple point and shoot affairs using freely available tools. In the case of SQL injection, tools such as Havij mean that even if you don’t know your indexes from your collations or your UDFs from your DMVs, so long as you can copy and paste a URL you can be an instant “hacker”.

In fact I reckon it’s so easy that even my 3 year old can be a successful hacker. Turns out that’s not too far from the truth.

Read more.

We’re currently under attack behind the scenes, hence certain references in the 11:00 post [Part 9].  Basically, a wedge has been driven between one of our key techies [a vital conduit in OoL and NO] and yours truly.   At the same time, my internet service went down many times last evening and things went weird in the formatting of NO – you never saw any of that.

I’ve felt for some time that my best defence is not some super-duper anti-hacking device but to make things run in such a way that it doesn’t matter if things do get hacked, which I’d suspect they would do.   In other words, human defences versus technical defences.   And in the end, the best defences are still, surely, “I don’t give a damn,” as long as you mean it and being basically for us ordinary people, rather than against them.

Shall keep you posted if I’m still online.

And haiku also mentions a defence against SQL injection:

http://www.troyhunt.com/2010/05/owasp-top-10-for-net-developers-part-1.html

One Response to “Fancy shooting up a SQL injection?”

  1. Rossa December 9, 2012 at 17:20 Permalink

    John Ward is also under attack at The Slog so you’re not alone in this James. It appears that those who try to get the truth out are now to be targetted so that people will be put off reading what you have to say. Keep at it as you must be doing something right otherwise they wouldn’t bother.

Leave a Reply

Please copy the string GqOhuW to the field below: