Kahless2k - Slashdot User

Comment Re:$conn_id = mysql_connect("microsoft.com") (Score 1) 202

by Kahless2k on Tuesday August 12, 2008 @10:51PM (#24578111) Attached to: New SQL Injection Attack Fuses Malware, Phishing

First of all, this is not new. My logs have shown attempted attacks like this for over a month.

Second, the attack vector is not simply requesting parameters and passing them to the database; the code is sent as part of the querystring, which the server parses causing the code to be executed which appends the script call into most text fields in your database, in every record.

Default validations do NOT catch all the attempts, certainly most, but the odd one does get through validation - at this point, it doesnt matter how you coded your queries, as long as you have tables with text fields you are just as screwed - the code simply hits every table. Again, you do NOT have to pass this code to the database in your script to be vulnerable

There are modules to beef up the validation, and they work well to prevent this, but you dont have to be an idiot to be hit - and I resent that statement.

And yes, I operate a couple dozen sites across a number of servers and can see this activity clearly in my logs and have one or two successful attacks on fully patched servers to draw my information from.

Feed Gates Voices Concerns About U.S. Education (nytimes.com)

From feed by nytfeed on Thursday March 08, 2007 @01:12AM

Bill Gates told Congress that overhauls of the nation’s schools and immigration laws are needed to keep jobs from going overseas.

Feed In Policy Shift, C-Span Clears Some Clips for Web Use (nytimes.com)

From feed by nytfeed on Thursday March 08, 2007 @01:12AM

The decision to change its copyright policy covers about 50 percent of its material.

Submission + - 5 Things You Can't Discuss about Linux

Submitted by gondwannabe on Thursday March 08, 2007 @12:13AM

gondwannabe writes: Flamebait for the /. crowd? How about The Five Things You Aren't Allowed to Discuss About Linux With considerable chutzpa, an insightful Rob Enderle takes on what he considers five dogmas in the OSS community and explains why they're wrong. Examples: Linux is secure, "communes" actually work in the long haul, and that Linux is "pro-developer.

Bookmark Mystery of the dying bees (cosmosmagazine.com)

by benlester on Wednesday March 07, 2007 @11:51PM

Feed Shareholders Of Take-Two Plot a Revolt (nytimes.com)

From feed by nytfeed on Wednesday March 07, 2007 @11:12PM

A consortium of investors disclosed that it intended to oust the board and possibly the top management of Take-Two Interactive Software.

Feed Broadcasters Agree to Fine Over Payoffs (nytimes.com)

From feed by nytfeed on Wednesday March 07, 2007 @10:32PM

Four large radio station owners agreed to pay $12.5 million to resolve claims that they accepted cash in exchange for playing songs.

Feed A.M.D. Says Pricing Battle May Affect Its Revenue Goal (nytimes.com)

From feed by nytfeed on Wednesday March 07, 2007 @10:32PM

As the price war with Intel continued to take its toll, shares of Advanced Micro Devices fell 23 cents, or 1.6 percent.

Submission + - Music execs: Apple and DRM are the problem

Submitted by EMB Numbers on Tuesday February 27, 2007 @10:00PM

EMB Numbers writes: C-Net says last year saw a 131 percent jump in digital sales, but overall the industry still saw about a 4 percent decline in revenue. http://news.com.com/2100-1027_3-6162729.html?part= rss&tag=2547-1_3-0-5&subj=news At the opening of the conference, some of the panel members lashed out at Jobs. Members said Jobs' call three weeks ago for DRM-free music was "insincere" and a "red herring." Apple has maintained a stranglehold on the digital music industry by locking up iTunes music with DRM......and "it's causing everybody else who is participating in the marketplace — the other service providers, the labels, the users — a lot of pain. If they could simply open it up, everybody would love them."

Slashdot Top Deals