Firm at heart of biggest oil spill spews toxic web attack Transocean, the offshore drilling contractor at the center of the world's biggest marine oil spill in the history of petroleum production, has been caught spewing a virtual sort of toxic sludge, according to a report released Thursday. Researchers at web security firm Websense said deepwater.com, Transocean's official website, …
“We don't know exactly how the compromise happened but as the attackers were able to upload the exploit files to the server it's not a SQL injection attack (which usually involves redirection to an external server),”
Well, it IS possible to upload code through SQLi.
SELECT something INTO OUTFILE 'backdoor.ext'
Perhaps they have cross-site scripting and SQLi confused? Certainly SQLi is, as its name implies, the injection of malicious code into the database. The end result can vary depending on the code the databse allows to be executed, but can lead to compromise of user acounts, deletion of data, and all sorts of nasty things...
Cross site scripting (XSS) can take some of the forms of SQLi in that some XSS attacks can plant code, ready for the next visitor, but we usually think of url-redirect exploits as described here as XSS attacks.
If these guys are confused, after the event, about the nature of the attack, then it might be wise of them to get someone who can understand the difference, and its a bit surprising that they show so little understanding after the event... I hope they haven't "left it to the developers" to fix it.
PEMEX spill at Ixtoc was biggest oil spill, I believe. The Gulf of Mexico is still there and there are many fish, whales turtles, etc. Waste of good oil, though regardless of bragging as to which is bigger. Totally accidental, too. If your daughter spills milk is she forgiven? Forgive these people, too.
They accidentally dug a hole in the sea and the sea filled up with oil?
No. Until they went out into the Gulf, the sea was fine. They broke it.
Partly by tolerating - requiring - unsafe circumvention of underfunded safe working and safe drilling procedures. Sure I'll illegally risk my life to keep my job. No I won''t, but some fellows will.
I may just be completely out of touch here but, "Only 16 percent of the top 44 antivirus programs detected the latter exploit," I can probably name 10 antivirus programs and I'm willing to bet the account for about 90% of the av programs in use. I wonder what percent of these 10 programs detected the exploit. Yes, it's still a problem but using these figures seems slightly on the side of scaremongering.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
