Re: Breaking into computers you don't own..
SQL injection is quite obvious after you have written a web driven application with an SQL back end. Once it occurs to you that the text box on the web page gets interpreted by the SQL engine then you realize just how creative you can get by 'escaping' the text string and writing in native SQL which may even feature access to the OS command line or executables.
I figured this out 18 years ago when I discovered this problem in my own code.
I wrote active web page code something like
IF PASSWORD$ = [user.password] THEN 'let me in'
where PASSWORD$ was the input the user typed on the web page.
If the user typed ¬[user.password]¬ or whatever squiggle escaped the string then the code would be read as
IF [user.password] = [user.password] THEN 'let me in'
The funny thing was that I wrote it in VBA but the next guy rewrote it in Java because he said VBA was shit but it had the Java version of the same bug.
The solution of course was to pass all user input through a function that would clean out any funny characters.