Blog Date: 10/23/2017
Author: Ray Coulombe
Real Life SQLI Examples
As Time magazine reported in their July 20, 2017 article, “Inside the Secret Plan to Stop Vladimir Putin’s U.S. Election Plot,” hackers targeted a number of state voter registration and election sites, including the state of Illinois. In one Illinois jurisdiction, as the article states, “instead of entering his personal information in one of the fields for names and addresses, the hacker uploaded a string of malicious prewritten code, executing a classic hack known as SQL Injection (SQLI). With that, the hacker opened a back door to all 15 million files on past and current voters in the state since 2006. And for nearly three weeks, no one knew he was there.”
Companies small and large aren’t immune. In fact, many smaller firms and individuals use WordPress to construct their web sites, yet it’s an environment which is known historically to be vulnerable. Wordfence reports that 18 percent of the nearly 1,600 WordPress vulnerabilities enumerated over 14 months were SQL Injection based.
A Veracode analysis has determined that our Federal Government has the highest prevalence of easily exploitable vulnerabilities like SQL Injections and cross-site scripting. Want to see more examples? Visit http://codecurmudgeon.com/wp/sql-injection-hall-of-shame.
SQL stands for Structured Query Language which provides an architecture, structure, and syntax for constructing and interacting with relational databases. Among its database functions, SQL can execute queries, retrieve data, and insert, delete, and update records.
Objectives for SQLI attacks differ, but include:
It’s summer vacation time! The last thing you need to worry about it is getting your identity stolen while you’re sitting on a beach somewhere exotic. In 2016, more than 15 million Americans were victims of identity theft, up 16 percent from the previous year, according to Experian. Plus, about 33 percent of that fraud took place when people were traveling.
Here’s a few tips to staying safe all summer while traveling...
read more -->
Cat 5e became an ANSI/TIA/EIA standard in 2001, Cat 6 in 2002, and Cat 6a in 2008. However, it may be extremely useful to consider taking advantage of other existing cabling infrastructure in lieu of running new. Read more to learn how to approach cabling.
read more -->
This year at ISC (the International Security Conference and Exposition), I was determined to try to see the latest iStechnologies hiding in the nooks and crannies—literally! I visited booths in the back, the basement, small kiosks hidden inside larger vendor books, and throughout the Emerging Technology Zone.
In case you missed the show, I’ll round up some of the best new technologies and companies to keep an eye on. Read more.
read more -->
Earlier this year, in March, the City of Atlanta’s nearly 8,000 employees heard words they never thought they would hear: “It’s okay to turn your computers on.” Their computers were powered off for five days. In those five days Atlanta residents could not pay traffic tickets, water bills, or report city issues. Read how ransomware impacted this metropolitan area.
read more -->
There is no one size fits all when it comes to K-12 school security. Schools vary in so many ways: size, age, local environment, affluence, culture, governance, and more. Read some helpful tips and resources that might just help your school be better prepared.
read more -->