Via haiku, this from Troy Hunt:
You know what really strikes me about a lot of the hacks we’ve seen lately? It just seems too easy. I mean we’re seeing a huge number of attacks (an unprecedented number, by some figures) and all too often the perpetrator is a kid. I don’t mean that in a relative sense to myself as I get older, I mean literally a child.
The problem, of course, is that many of these “hacks” have become simple point and shoot affairs using freely available tools. In the case of SQL injection, tools such as Havij mean that even if you don’t know your indexes from your collations or your UDFs from your DMVs, so long as you can copy and paste a URL you can be an instant “hacker”.
In fact I reckon it’s so easy that even my 3 year old can be a successful hacker. Turns out that’s not too far from the truth.
We’re currently under attack behind the scenes, hence certain references in the 11:00 post [Part 9]. Basically, a wedge has been driven between one of our key techies [a vital conduit in OoL and NO] and yours truly. At the same time, my internet service went down many times last evening and things went weird in the formatting of NO – you never saw any of that.
I’ve felt for some time that my best defence is not some super-duper anti-hacking device but to make things run in such a way that it doesn’t matter if things do get hacked, which I’d suspect they would do. In other words, human defences versus technical defences. And in the end, the best defences are still, surely, “I don’t give a damn,” as long as you mean it and being basically for us ordinary people, rather than against them.
Shall keep you posted if I’m still online.
And haiku also mentions a defence against SQL injection: