|31 May 2009||#4|
| || |
"Investigators believe the hackers used a technique called SQL injection to exploit a security vulnerability in Microsoft's SQL Server database to gain entry to the Web servers."
A 'SQL Injection' is NOT a security vulnerability in a SQL (MSSQL, MYSQL, ORACLE, POSGRESQL, ETC) server. It is a security vulnerability in the web application that accesses the database. So this is NOT Microsoft's fault, but the fault of the poor programming utilized by the web application developer.
There are many ways to stop these attacks, the most important being input validation (aka secure code). Other alternatives, if you have a less then perfect programmer, are application firewalls, IDS/IPS systems, and due diligence.
These 'hacks' are easy enough for any person worth their weight to exploit and happen every days to hundreds of web sites. Most likely, judging by the described defacement, these were 90% automated attacks. Furthermore, if the web server is setup correctly (be it Linux, Windows, MAC, BSD, etc) the most the group would have access to is the web site's database which should have nothing more then information for dynamic content. As I doubt any company would be foolish enough to actually have an externally accessible server to have access to internal only data.
Sorry, but there will be no 'kudos' to the 'hackers' on this one.
|My System Specs|
|Similar help and support threads for2: Anti-U.S. Hackers Infiltrate Army Servers|
|Web servers are hackersí target of choice||Security News|
|any problems with army men RTS?||Gaming|
|Anti-malware, Anti-virus, Anti-spyware||System Security|
|America's Army 3||Gaming|
|salvation army!||BSOD Help and Support|
|How to Remove Win 7 Anti-Spyware 2011 (Fake Anti-Virus Infections)||System Security|
|Kaspersky Anti-Virus cripples Servers||System Security|
|Our Sites ||Site Links ||About Us ||Find Us |
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
© Designer Media Ltd
All times are GMT -5. The time now is 02:55 AM.