New SQL Injection
RobertKaucher
Member Posts: 4,299
in Off-Topic
Have you guys been following this?
New Mass SQL Injection Attack Infects Thousands of Pages - Softpedia
Not just a SQL related thing, but probably seen from the help desk on up...
Comments
chrisone Member Posts: 2,278
Yeah I read about this incident, pretty interesting attack.
Did you see the compromise of the Epsilon advertising company? I got a couple emails from my banks and other services I have regarding this situation. This seems like a very big security breach.
Banks, credit-card issuers warn of email breach - Yahoo! News
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX
RobertKaucher Member Posts: 4,299
chrisone wrote: »Yeah I read about this incident, pretty interesting attack.
Did you see the compromise of the Epsilon advertising company? I got a couple emails from my banks and other services I have regarding this situation. This seems like a very big security breach.
Banks, credit-card issuers warn of email breach - Yahoo! News
Yeah, I got the same notification... I suppose it is the risk of, well, just living nowadays...
phoeneous Member Posts: 2,333
chrisone wrote: »Yeah I read about this incident, pretty interesting attack.
Did you see the compromise of the Epsilon advertising company? I got a couple emails from my banks and other services I have regarding this situation. This seems like a very big security breach.
Banks, credit-card issuers warn of email breach - Yahoo! News
I've received three apology emails regarding the Epsilon breach, and after reading RK's post about the new SQL attack yesterday I wondered if they were related.
RobertKaucher Member Posts: 4,299
phoeneous wrote: »I've received three apology emails regarding the Epsilon breach, and after reading RK's post about the new SQL attack yesterday I wondered if they were related.
Yes, I am changing my name to Robert'); DROP TABLE Students; --
Just call me Little Bobby Tables.
NightShade03 Member Posts: 1,383
RobertKaucher wrote: »Yes, I am changing my name to Robert'); DROP TABLE Students; --
Just call me Little Bobby Tables.
Haha I remember reading that somewhere...I love that line.
The Epsilon hack is a nightmare...even with the low level impact of data stolen.
The SQL attack just further drives home the point not to use Windows products
phoeneous Member Posts: 2,333
NightShade03 wrote: »The SQL attack just further drives home the point not to use Windows products
Is T-SQL the only language affected?
RobertKaucher Member Posts: 4,299
phoeneous wrote: »Is T-SQL the only language affected?
I have not been able to determine how the attack is executed. But all sites that have reported the issue have been using MS SQL Server 2000 - 2008.
LizaMoon SQL Injection Attack and Scareware FAQs - Yahoo! News
I for one would really like to know how it is executed as I somewhat doubt it is at the data tier - but I could be wrong.
I was right. This is NOT an MS SQL specific attack:
Q: Could this mean that there's a vulnerability in Microsoft SQL Server 2000 and 2005?
A: No. Everything points to that this is a vulnerability in a web application. We don't know which one(s) yet but SQL Injection attacks work by issuing SQL commands in unsanitized input to the server. That doesn't mean it's a vulnerability in the SQL Server itself, it means that the web application isn't filtering input from the user correctly.
As usual this is at the level of the web app.
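The FAQ answer quoted above puts the flaw in how the web application builds its query, not in SQL Server. As an added example (not from the thread or the linked article), the following Python shows that distinction against an in-memory SQLite database (an assumption, standing in for the sites' MS SQL Server back ends): the vulnerable function splices the "Little Bobby Tables" name from the thread into the SQL text, the fixed one binds it as a parameter.

```python
import sqlite3

# Constructed input (not from any real site): the "Little Bobby Tables" name from the thread.
BOBBY_TABLES = "Robert'); DROP TABLE Students; --"


def make_db():
    """In-memory SQLite stands in for the site's database (an assumption;
    the affected sites ran MS SQL Server, but the flaw is driver-agnostic)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Students (name TEXT)")
    return conn


def insert_unsanitized(conn, name):
    """Vulnerable: the input is spliced into the SQL text, so the quote in it
    closes the literal and the rest runs as SQL. executescript() is used
    because, like SQL Server, it executes stacked statements."""
    sql = "INSERT INTO Students (name) VALUES ('%s');" % name
    try:
        conn.executescript(sql)
    except sqlite3.Error:
        pass  # any error is from the leftover comment, after DROP has run


def insert_parameterized(conn, name):
    """Fixed: the value is bound as a parameter, so it can only ever be data."""
    conn.execute("INSERT INTO Students (name) VALUES (?)", (name,))
    conn.commit()


def table_exists(conn, table):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None


def demo():
    """Returns (Students survives the vulnerable insert, Students survives the
    parameterized insert, the name as stored by the parameterized insert)."""
    vuln = make_db()
    insert_unsanitized(vuln, BOBBY_TABLES)
    safe = make_db()
    insert_parameterized(safe, BOBBY_TABLES)
    stored = safe.execute(
        "SELECT name FROM Students WHERE name = ?", (BOBBY_TABLES,)
    ).fetchone()[0]
    return table_exists(vuln, "Students"), table_exists(safe, "Students"), stored
```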
NightShade03 Member Posts: 1,383
If it was a MS SQL specific thing then I would imagine a SQL worm vs SQL injection would be more commonly seen. I just like to knock Windows
I'm not surprised it's on the application level.
RobertKaucher Member Posts: 4,299
NightShade03 wrote: »If it was a MS SQL specific thing then I would imagine a SQL worm vs SQL injection would be more commonly seen. I just like to knock Windows
I'm not surprised it's on the application level.
Forsaken_GA Member Posts: 4,024
NightShade03 wrote: »Haha I remember reading that somewhere...I love that line.
sudo make me a sandwich
but yeah, between this and the RSA breach, our research team has been very very busy. We've been pushing updates to our clients almost daily.