So SQL injection kiddies are picking off higher-hanging fruit, now?

An old biddie once told me she preferred that "the big guys get hit first" before she'd worry about a vulnerability in something. Well... is this big enough, now?

The SQL attacks *always* have been hitting the big sites as well as the little ones.

These attacks are automated - it's not as though BusinessWeek was specifically targeted. The bad guys use search engines to find vulnerable sites (big or small) and zap! infect them with their malicious scripts.

(Paris, in honour of The Reg bringing back the old icons)

I first saw a computer in 1972. I cannot count the times I have seen the vulnerabilities and not exploited them. That could have been honesty, stupidity, or the awareness that I'm permanently on the NSA database. I even thought about a proof-of-concept exploit with [Bear Creek Corporation: incorrect name used deliberately]; however, that would most likely have ended with criminal charges.

...Then again, since I've committed criminal mischief by having a seizure (being epileptic, despite the drugs) it might simply have been awareness that my acquaintance with "luck" isn't particularly positive. Or my criminal mind.

The first people to try security shouldn't even necessarily be literate.

--Glenn