New SQL Injection

RobertKaucher Member Posts: 4,299
Have you guys been following this?

New Mass SQL Injection Attack Infects Thousands of Pages - Softpedia

Not just a SQL related thing, but probably seen from the help desk on up...

Comments

  • chrisone Member Posts: 2,278
    Yeah I read about this incident, pretty interesting attack.

    Did you see the compromise of the Epsilon advertising company? I got a couple emails from my banks and other services I have regarding this situation. This seems like a very big security breach.

    Banks, credit-card issuers warn of email breach - Yahoo! News
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • RobertKaucher Member Posts: 4,299
    chrisone wrote: »
    Yeah I read about this incident, pretty interesting attack.

    Did you see the compromise of the Epsilon advertising company? I got a couple emails from my banks and other services I have regarding this situation. This seems like a very big security breach.

    Banks, credit-card issuers warn of email breach - Yahoo! News

    Yeah, I got the same notification... I suppose it is the risk of, well, just living nowadays...
  • phoeneous Member Posts: 2,333
    chrisone wrote: »
    Yeah I read about this incident, pretty interesting attack.

    Did you see the compromise of the Epsilon advertising company? I got a couple emails from my banks and other services I have regarding this situation. This seems like a very big security breach.

    Banks, credit-card issuers warn of email breach - Yahoo! News

    I've received three apology emails regarding the Epsilon breach, and after reading RK's post about the new sql attack yesterday I wondered if they were related.
  • RobertKaucher Member Posts: 4,299
    phoeneous wrote: »
    I've received three apology emails regarding the Epsilon breach, and after reading RK's post about the new sql attack yesterday I wondered if they were related.

    Yes, I am changing my name to Robert'); DROP TABLE Students; --

    Just call me Little Bobby Tables.
  • NightShade03 Member Posts: 1,383
    Yes, I am changing my name to Robert'); DROP TABLE Students; --

    Just call me Little Bobby Tables.

    Haha I remember reading that somewhere...I love that line.

    The Epsilon hack is a nightmare...even with the low level impact of data stolen.

    The SQL attack just further drives home the point not to use Windows products.
  • phoeneous Member Posts: 2,333
    The SQL attack just further drives home the point not to use Windows products.

    Is t-sql the only language affected?
  • RobertKaucher Member Posts: 4,299
    phoeneous wrote: »
    Is t-sql the only language affected?

    I have not been able to determine how the attack is executed. But all sites that have reported the issue have been using MS SQL Server 2000 - 2008.

    LizaMoon SQL Injection Attack and Scareware FAQs - Yahoo! News

    I for one would really like to know how it is executed, as I somewhat doubt it is at the data tier - but I could be wrong.

    I was right. This is NOT an MS SQL specific attack:
    Q: Could this mean that there's a vulnerability in Microsoft SQL Server 2000 and 2005?
    A: No. Everything points to this being a vulnerability in a web application. We don't know which one(s) yet, but SQL Injection attacks work by issuing SQL commands in unsanitized input to the server. That doesn't mean it's a vulnerability in the SQL Server itself; it means that the web application isn't filtering input from the user correctly.
    http://community.websense.com/blogs/securitylabs/archive/2011/03/31/update-on-lizamoon-mass-injection.aspx

    As usual this is at the level of the web app.
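    The Websense answer quoted above (and the Bobby Tables name earlier in the thread) both come down to the same thing: the flaw lives in application code that splices user input into SQL text, not in the database engine. The example below is added here and is not from the thread or any product mentioned in it; it uses Python's built-in sqlite3 module with a constructed in-memory table and the thread's own Bobby Tables string to show a concatenating insert beside the parameterized one that fixes it, independent of which database engine is behind the app.

```python
import sqlite3

# The name quoted in the thread, used as the untrusted input.
BOBBY = "Robert'); DROP TABLE Students; --"


def make_db():
    """Constructed sample database: one table with one row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Students (name TEXT)")
    conn.execute("INSERT INTO Students VALUES ('Alice')")
    conn.commit()
    return conn


def insert_vulnerable(conn, name):
    """String concatenation: the input becomes part of the SQL text.
    executescript() stands in for a driver that accepts stacked statements,
    which is what lets the second statement in the input run."""
    sql = "INSERT INTO Students VALUES ('" + name + "');"
    conn.executescript(sql)


def insert_safe(conn, name):
    """Parameterized query: the value travels separately from the SQL text,
    so the engine never parses it as SQL. Same fix for any database engine."""
    conn.execute("INSERT INTO Students VALUES (?)", (name,))
    conn.commit()


def table_exists(conn):
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name='Students'"
    ).fetchone()
    return row is not None


def student_names(conn):
    return [r[0] for r in conn.execute("SELECT name FROM Students ORDER BY name")]


def demo_vulnerable():
    """Returns whether the table survived the concatenated insert (it does not)."""
    conn = make_db()
    insert_vulnerable(conn, BOBBY)
    return table_exists(conn)


def demo_safe():
    """Returns (table still exists, stored names): the odd name is stored literally."""
    conn = make_db()
    insert_safe(conn, BOBBY)
    return table_exists(conn), student_names(conn)
```

    Running demo_vulnerable() shows the Students table gone, while demo_safe() shows it intact with the full Bobby Tables string stored as an ordinary name.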
  • NightShade03 Member Posts: 1,383
    If it was a MS SQL specific thing then I would imagine a SQL worm vs SQL injection would be more commonly seen. I just like to knock Windows.

    I'm not surprised it's on the application level.
  • RobertKaucher Member Posts: 4,299
    If it was a MS SQL specific thing then I would imagine a SQL worm vs SQL injection would be more commonly seen. I just like to knock Windows.

    I'm not surprised it's on the application level.
    Well, I know which way my bread is buttered. But I don't try to make excuses for the past *slammer - code red* cough, cough.
  • Forsaken_GA Member Posts: 4,024
    Haha I remember reading that somewhere...I love that line.

    sudo make me a sandwich

    but yeah, between this and the RSA breach, our research team has been very very busy. We've been pushing updates to our clients almost daily.