1,000+ webpages poisoned in latest mass malware hack

Yet another mass compromise is hitting poorly configured websites, and at least one of the afflicted is a security site that plays up its prowess in warding off the very type of attack it has been smitten by. At least 17 pages on idera.com were hit by a quick-moving SQL injection attack on Friday, including one titled “ …

COMMENTS

This topic is closed for new posts.
Bronze badge
Unhappy

this is getting tedious

Why is it that so many alleged professionals have so much trouble blocking such a simple attack? This is getting beyond a joke now. What's _wrong_ with them? Why, at this late date, does this still happen? Why?

6
0
FAIL

Because...

... (as with so much of life) the easier and more common-place some things become, like coding up a SQL-based content website, the more semi-skilled numpties will earn a simple crust doing so - badly!

1
0

The title is required, and must contain letters and/or digits.

The reason is how easy PHP is. Anybody can learn it and think he masters it in less than a month. Imagine the websites he creates, the scripts etc.

Second reason: open source... when a large application like WordPress is open source, hackers can analyze it to find bugs. It's a lot quicker than black box testing. Proprietary solutions are harder to crack, provided that the developers test it properly first, or hire some pentesters.

1
1

The Phucket Gazette?

Wonder if that's what they think of security. You know what? Phucket.

0
0

easy hack vs harder code

Part of the problem is that - in any language - it's easier to write something like connection.execute("SELECT a,b,c FROM d WHERE username='" + form.username + "'") than to set up and execute a properly validated and formatted stored procedure call.

For newbie developers - fresh out of primary school and deploying their first web2.0 project - finding simple best-practice recipes is also tough, and until you've been burnt it's hard to realise why it's so important.

0
0
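Added example, not part of the original thread or any poster's code: the concatenated query quoted in the comment above, next to a bound-parameter version of the same lookup, run on the same inputs. It uses Python's sqlite3 with a parameterized query rather than a stored procedure (SQLite has none); the table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory table shaped like the comment's query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE d (username TEXT, a TEXT, b TEXT, c TEXT)")
    conn.executemany(
        "INSERT INTO d VALUES (?, ?, ?, ?)",
        [("alice", "a1", "b1", "c1"),
         ("bob", "a2", "b2", "c2"),
         ("o'brien", "a3", "b3", "c3")],
    )
    return conn

def lookup_concatenated(conn, username):
    """The pattern from the comment: input is spliced into the SQL text."""
    sql = "SELECT a,b,c FROM d WHERE username='" + username + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, username):
    """Input travels as a bound value and is never parsed as SQL."""
    return conn.execute(
        "SELECT a,b,c FROM d WHERE username=?", (username,)
    ).fetchall()

def compare(username):
    """Run both lookups on the same input; report rows or the error raised."""
    conn = make_db()
    try:
        concatenated = lookup_concatenated(conn, username)
    except sqlite3.Error as exc:
        concatenated = type(exc).__name__
    return concatenated, lookup_parameterized(conn, username)

if __name__ == "__main__":
    # Constructed inputs: a plain name, a legitimate name with an apostrophe,
    # and a value whose quote changes the meaning of the concatenated query.
    for name in ["alice", "o'brien", "x' OR '1'='1"]:
        print(repr(name), compare(name))
```

The concatenated version fails on an ordinary apostrophe and returns every row when the quote is followed by SQL; the bound version treats both inputs as plain strings.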
FAIL

@this is getting tedious

I know. I work for a hoster, we get blamed because the end users and their developers think our platform is insecure and can't/won't believe their code is the culprit.

When I investigate these claims it makes me weep when I see their data access code or code that managed file uploads and the like.

0
0
Silver badge
Alert

Three easy answers

1. Constant staff reviews/reorganisations

2. Cost-cutting - penny pinching

3. Management Accountants

0
0
Unhappy

@James

Chances are they are not professionals, but people that know a little about PCs and therefore are "experts", shoved into doing this by their bosses, who don't want to pay for the websites to be built correctly but still expect a wonderful media-rich web 2.0 experience.

1
0