Mass SQL Injection Attack Hits 1 Million Sites

Hungry Man · Oct 19, 2011

http://www.darkreading.com/database...ql-injection-attack-hits-1-million-sites.html

A mass injection attack similar to the highly publicized LizaMoon attacks of this spring has infected over one million ASP.NET web pages, researchers with Armorize said today. According to database security experts, the SQL injection technique used in this attack depends on the same sloppy misconfiguration of website servers and backend databases that led to LizaMoon's infiltration.
Click to expand...

elapsed · Oct 19, 2011

"To have input validation turned off on their Web servers seems crazy," he says. "There is literally a script feature on ASP.NET that checks input validation, and it's on by default. These people have turned it off, and I cannot wrap my head around why they're turning it off."
Click to expand...

The "people that run the web" are out of their minds.

J_L · Oct 21, 2011

Whew, there goes safe browsing with common sense once again.

wat0114 · Oct 21, 2011

J_L said:

Whew, there goes safe browsing with common sense once again.
Click to expand...

With a half decent security policy in place, it shouldn't be too terribly difficult avoid infection. Nothing to be afraid of, really.

Hungry Man · Oct 21, 2011

Common sense literally isn't security. It's terrible.

@Wat, it depends. I'm not too worried.

Log in or Sign up

Mass SQL Injection Attack Hits 1 Million Sites

Hungry Man Registered Member

elapsed Registered Member

J_L Registered Member

wat0114 Guest

Hungry Man Registered Member

Log in or Sign up

Mass SQL Injection Attack Hits 1 Million Sites

Hungry Man Registered Member

elapsed Registered Member

J_L Registered Member

wat0114 Guest

Hungry Man Registered Member

Useful Searches