1,000+ webpages poisoned in latest mass malware hack
Yet another mass compromise is hitting poorly configured websites, and at least one of the afflicted is a security site that plays up its prowess in warding off the very type of attack it has been smitten by. At least 17 pages on idera.com were hit by a quick-moving SQL injection attack on Friday, including one titled “ …
this is getting tedious
Why is it that so many alleged professionals have so much trouble blocking such a simple attack? This is getting beyond a joke now. What's _wrong_ with them? Why, at this late date, does this still happen? Why?
Because...
... (as with so much of life) the easier and more commonplace some things become, like coding up a SQL-based content website, the more semi-skilled numpties will earn a simple crust doing so - badly!
The reason is how easy PHP is. Anybody can learn it and think he masters it in less than a month. Imagine the websites he creates, the scripts, etc.
Second reason: open source. When a large application like WordPress is open source, hackers can analyze it to find bugs. It's a lot quicker than black-box testing. Proprietary solutions are harder to crack, provided that the developers test them properly first, or hire some pentesters.
The Phucket Gazette?
Wonder if that's what they think of security. You know what? Phucket.
easy hack vs harder code
Part of the problem is that, in any language, it's easier to write something like connection.execute("SELECT a,b,c FROM d WHERE username='" + form.username + "'") than to set up and execute a properly validated and formatted stored procedure call.
For newbie developers, fresh out of primary school and deploying their first Web 2.0 project, finding simple best-practice recipes is also tough, and until you've been burnt it's hard to realise why it's so important.
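To make the concatenation-versus-parameters point concrete, here is an added example (not code from the article or from any commenter) that runs the "easy" query next to a parameterized one against a constructed in-memory SQLite table. The table, the usernames and the payload are all made up for the demonstration; the hardened version uses driver parameter binding rather than a stored procedure, which is the cheapest fix available in most web stacks.

```python
import sqlite3


def make_db():
    """Constructed sample table for the demo; nothing here comes from the article."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    conn.commit()
    return conn


def lookup_concatenated(conn, username):
    """The pattern from the comment: the request value is pasted into the SQL text.

    Whatever the user sends becomes part of the statement, quotes included.
    """
    sql = "SELECT id, username, role FROM users WHERE username='" + username + "'"
    return [row[1] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    """Same query with a bound parameter: the value travels separately from the SQL.

    The database compares the column against the literal string, so a quote
    inside the value is just a character, never a delimiter.
    """
    sql = "SELECT id, username, role FROM users WHERE username=?"
    return [row[1] for row in conn.execute(sql, (username,))]


# Classic tautology payload (constructed). In the concatenated query it closes
# the string literal and appends an always-true clause.
INJECTION = "x' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("concatenated, benign input:  ", lookup_concatenated(db, "alice"))
    print("concatenated, injected input:", lookup_concatenated(db, INJECTION))
    print("parameterized, injected input:", lookup_parameterized(db, INJECTION))
```

With the payload, the concatenated form returns every row because the WHERE clause becomes `username='x' OR '1'='1'`; the parameterized form returns nothing, since no user is literally named `x' OR '1'='1`. The same binding mechanism (`?`, `%s`, `:name`, depending on the driver) is what the comment's "properly formatted stored procedure call" buys you, without writing a stored procedure.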
@this is getting tedious
I know. I work for a hoster; we get blamed because the end users and their developers think our platform is insecure and can't/won't believe their code is the culprit.
When I investigate these claims it makes me weep when I see their data access code, or the code that manages file uploads and the like.
Three easy answers
1. Constant staff reviews/reorganisations
2. Cost-cutting - penny pinching
3. Management Accountants
@James
Chances are they are not professionals, but people who know a little about PCs and are therefore "experts", shoved into doing this by their bosses, who don't want to pay for the websites to be built correctly but still expect a wonderful media-rich Web 2.0 experience.
