Here hacker is being used incorrectly

That is because the terms script kiddie and hacker are being used together; that is an oxymoron.

And of course there is artistic license, because later we find the crackers are claiming to be hackers; but what do these script kiddies know, they could be claiming to be the love children of Turing and Von Rossum, it does not make it true.

SQL injection is not hacking, and the security pros are not pros if they have claimed a site to be secure that is vulnerable to SQL injection.

As to the problem of SQL injection, well if you know your stuff it is not hard to stop it.

It is only set to get worse though, as more fuzzers start to come online.

The answer is...

Developers should use stored procedures and tell their db server not to server up any other requests apart from SPs. That way it makes it impossible to execute a sql injection attack. (Plus use the usual anti-scripting tactics - never let your guard down.)

Bas show

This isn't some shitbag corporation or filthy governmental oppression centre they're messing with, it's a scientific mission of importance to Humanity. They should tag the site and then send a patch to stop it happening again.

They could have done much more

Imagine if they had an imagination and spoofed the site with news of a real live alien found on mars.

Such an opportunity wasted. HGWells they are not.

Noscript

Firefox with Noscript extension... so, that would be Opera clean out of the box, then?

Richard

The answer is

Taint Mode, obviously.

@ Regardless

AC, I'm afraid Reg readers generally would find that OK. It'd be your fault for leaving your door unlocked, and you'd deserve it. In fact, you shouldn't even be allowed to have a house by their standards. And going by the comments on this particular thread, even if you had secured your house as best you could, anyone breaking in would actually be their hero if he'd hand-crafted some burglary tools instead of picking up a brick someone else had made to break a window. Obviously, that particular window would have to have a dodgy alarm on it or whatever, to pre-empt smartarse comments about it not being totally secure etc. etc. Oh, and the guys here, were they criminally inclined, would of course have produced the materials for the tools themselves blah blah blah ...

@AC re:Regardless

Brilliant. Bang on.

@Low Imagination

I'd probably of told them that we were now at war with the unknown aliens, create a few fake transcripts - have a real giggle.

Painful

"Red is the color of the Martian surface, but it seems it also describes the faces of security pros responsible for the sites"

Lawks..

@AC re:Regardless again

Had to reread that as it is such a brilliant summary of expected comments.

Thanks for making me laugh.

Again.

@AC crApple fanboi

Running a browser that, without asking my permission, downloads files or blindly allows well known iframes hacks and who's designers can't be bothered to actually fix the problem ain't going to hunt.

But then again, what else do you expect from a company whose product sells pretty much because it is nothing more than eye candy. Why buy Mac when you can get more for less with a PC and Linux?

And if this browser is so good, why did crApple feel the need to forcibly and fraudulently install it on the computers in a failed attempot to boost it's pathetic 1 to 2% market share. Somewhat ironic since crApple are claiming a 7%+ market share, which means that the vast majority of crApple users are installing Firefox rather than using Safari on it's native platform. Speaks volumes.

Opera? Why install bloatware? I want a web browser to browse the web, not do email, etc. Bollox to apoplication convergence. They are always a compromise.