SQL Injection attack may be behind Guardian website hack

Imperva: 27 October, 2009 (Technical Article)
Imperva believes the high-profile attack on the Guardian Jobs Web site may not be as sophisticated as reported, as it shows classic signs of an SQL injection approach.
The old security chestnut of SQL injection weaknesses may well be the cause for the weekend high-profile hacking of the Guardian Jobs Web site, says Imperva, the data security specialist.

Amichai Shulman, Imperva's chief technology officer, said that the most eye-catching feature of the site hack is the use of the phrase 'sophisticated and deliberate attack.'

'Our experience shows that "sophisticated attack" is usually a pseudonym for "SQL Injection", although I must admit that an initial glimpse into the site hints that it may actually be a more sophisticated hack than the usual,' he said.

'At the end of the day, however, I don't think that it's much more than SQL Injection, sophisticated or otherwise,' he added.

'If it were a Trojan based attack (as happened in the TJX site hack) then they would have stated it by now and used a different wording like "hackers who managed to break into the Guardian network."'

According to Shulman, if, as seems likely, an SQL injection attack was to blame for the Guardian site hack, then tagging it as 'sophisticated' might be a bit misleading, though not uncommon.

Organisations, he explained, tend to attach superlatives to the attack techniques used in a compromise in order to diminish their own responsibility.

'The only positive thing one can say is that the Guardian is not itself to blame, as the BBC news report on the incident refers to a third party company supplying the service. This is small comfort to site users, however, who will now be worried about identity theft issues,' he added.
   © 2012 ProSecurityZone.com