Add BusinessWeek.com to the list of big-name sites felled by the mighty SQL injection attack. According to Sophos, the business news site has been infected with attack code that since sometime last week has been trying to install malware on the machines of those who visit the site. The attack affected hundreds of BusinessWeek. …
Is developer / admin laziness still newsworthy?
So SQL injection kiddies are picking off higher-hanging fruit, now?
An old biddy once told me she preferred that "the big guys get hit first" before she'd worry about a vulnerability in something. Well... is this big enough, now?
Hmm no information stolen
I wonder how they confirm that?
Surely the first thing to do is to drop in an encrypted connection, and stop the monitoring dead in its tracks, just before the monitoring itself is compromised.
Nah, I don't believe them, I think they are just saying that, they cannot know for sure. They can work out if it has definitely happened, but they cannot say it has not happened, this is just spin on their behalf.
There are not many good IT security companies in the UK, most don't know their arse from their elbow.
The SQL attacks *always* have been hitting the big sites as well as the little ones.
These attacks are automated - it's not as though BusinessWeek was specifically targeted. The bad guys use search engines to find vulnerable sites (big or small) and zap! infect them with their malicious scripts.
(Paris, in honour of The Reg bringing back the old icons)
sql attacks, maintenance laziness
I first saw a computer in 1972. I cannot count the times I have seen the vulnerabilities and not exploited them. That could have been honesty, stupidity, or the awareness that I'm permanently on the NSA database. I even thought about a proof-of-concept exploit with [Bear Creek Corporation: incorrect name used deliberately]; however, that would most likely have ended with criminal charges.
...Then again, since I've committed criminal mischief by having a seizure (being epileptic, despite the drugs) it might simply have been awareness that my acquaintance with "luck" isn't particularly positive. Or my criminal mind.
The first people to try security shouldn't even necessarily be literate.
This is what they get for hiring little Bobby Tables as a news correspondent. (see xkcd or tdwtf)