Tue 14 Aug 2007
It’s been a while since my last post, but contrary to rumors I am not dead – just traveling a lot (something I promise to blog about soon).
Over the weekend, hackers used an SQL injection against the UN’s website and defaced the homepage. According to this site, the SQL injection exploited a database vulnerability. I don’t think this was a super-sophisticated vulnerability exploit, though, but rather a simple SQL injection enabled by insecure coding practices. This sort of SQL injection should be easily avoidable by binding variables, which apparently the UN techies didn’t do.
Shame. I think the Security Council should convene and unequivocally condemn the hackers. That’ll show them.
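To make the point about binding variables concrete, here is an added example (not code from the UN site or from any report on the incident) that runs the same lookup twice, once with the request value concatenated into the SQL text and once with it bound as a variable. The `statements` table, its columns, the sample rows and the use of SQLite are all assumptions made for illustration.

```python
import sqlite3

# Constructed request value: closes the string literal and appends its own condition.
TAMPERED = "x' OR '1'='1"


def make_db():
    """Build a small in-memory table of constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE statements (slug TEXT PRIMARY KEY, title TEXT, published INTEGER)"
    )
    db.executemany(
        "INSERT INTO statements (slug, title, published) VALUES (?, ?, ?)",
        [
            ("press-briefing", "Press briefing", 1),
            ("annual-report", "Annual report", 1),
            ("draft-resolution", "Unreleased draft", 0),
        ],
    )
    return db


def lookup_concatenated(db, slug):
    # Insecure pattern: the request value becomes part of the SQL text,
    # so the database parses whatever it contains as SQL.
    sql = "SELECT title FROM statements WHERE published = 1 AND slug = '" + slug + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, slug):
    # Bind variable: the SQL text is fixed and the value is passed separately,
    # so it is only ever compared as data, never parsed as SQL.
    sql = "SELECT title FROM statements WHERE published = 1 AND slug = ?"
    return [row[0] for row in db.execute(sql, (slug,))]


if __name__ == "__main__":
    db = make_db()
    for value in ("press-briefing", TAMPERED):
        print(repr(value))
        print("  concatenated:", lookup_concatenated(db, value))
        print("  bound:       ", lookup_bound(db, value))
```

With the tampered value, the concatenated query ignores the `published = 1` filter and returns every row, while the bound query simply finds no statement with that slug.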