
Comment Re:$conn_id = mysql_connect("microsoft.com") (Score 1) 202

First of all, this is not new. My logs have shown attempted attacks like this for over a month.

Second, the attack vector is not simply requesting parameters and passing them to the database; the code is sent as part of the querystring, which the server parses, causing the code to be executed, which appends the script call into most text fields in your database, in every record.

Default validations do NOT catch all the attempts, certainly most, but the odd one does get through validation - at this point, it doesn't matter how you coded your queries, as long as you have tables with text fields you are just as screwed - the code simply hits every table. Again, you do NOT have to pass this code to the database in your script to be vulnerable.

There are modules to beef up the validation, and they work well to prevent this, but you don't have to be an idiot to be hit - and I resent that statement.

And yes, I operate a couple dozen sites across a number of servers and can see this activity clearly in my logs and have one or two successful attacks on fully patched servers to draw my information from.

Music

Submission + - Targeted by P2PLawsuits? Rolling Stone wants you!

marklyon writes: "A freelance writer for Rolling Stone magazine is doing one or more stories on the RIAA's new campaign against college students. He would like very much to talk to college students who have received the letters. He wants to do a phone interview by Friday, March 9th, and will pay all phone expenses. His name is Steve Knopper. His contact information is steveknopper@yahoo.com and (303) 433-1325. His website is http://knopps.com/ (via Recording Industry vs The People)."
Biotech

Submission + - Major gene study uncovers secrets of leukemia

stemceller writes: "Investigators at St. Jude Children's Research Hospital have discovered previously unsuspected mutations that contribute to the formation of pediatric acute lymphoblastic leukemia (ALL), the most common cancer in children. The discovery not only suggests novel methods for treating pediatric ALL, but also provides a roadmap for the identification of unsuspected mutations in adult cancers."
Microsoft

Submission + - FAA Vista shun indicates Linux and Google rise

Tookis writes: A report in Information Week that the US Federal Aviation Administration (FAA) may shun the idea of upgrading to Windows Vista and Microsoft Office in favor of Linux and Google Apps must be giving the big software company air sickness. The FAA is worried about two major things with a Vista upgrade: compatibility with existing applications and cost. Looks like the FAA will stick with XP for some time though. http://www.itwire.com.au/content/view/10276/1023/
Security

Submission + - Scientists to use MRI to Read Minds

ChainedFei writes: While currently in the experimental stages, Scientists at Germany's Bernstein Center for Computational Neuroscience are using MRI Imaging in order to detect higher level decision making as it occurs in the brain before the thought is put to action. Civil Libertarians are naturally concerned as to the usage of such technology, should it come to fruition. Civil Libertarians are, quite understandably, uneasy of such technology. The initial proposed usages of such technology have been put forward as better Airport Security measures as well as Criminal Interrogations, though the possibility of a Minority Report style use looms throughout.
Biotech

Submission + - Medical Wikis Featured in Nature Medicine

S. Adams writes: Two high impact medical journals, BMJ and Nature Medicine, have featured articles discussing the impact of Web 2.0 and Wiki software and the future of medical informatics. Both have stirred some debate on the potential impact of the technology to benefit patient care as well as some of the risk if not used properly. http://www.nature.com/nm/journal/v13/n3/abs/nm0307-231.html (subscription required) http://www.bmj.com/cgi/content/full/333/7582/1283?maxtoshow=&HITS=10&hits=10&RESULTFORMAT=&fulltext=askdrwiki&searchid=1&FIRSTINDEX=0&resourcetype=HWCIT (open Access)
Security

Submission + - NZ Banks want .bank domain to reduce fraud

An anonymous reader writes: Banks want a new internet classification to help combat online fraud. Banks' internet addresses would then read westpac.bank.nz, for example, rather than westpac.co.nz. The .bank address would join the five current "moderated" addresses with restricted memberships. http://www.stuff.co.nz/3976481a28.html
