by Leonardo S
The article I chose for this week is titled “Hackers Trade Tips On DDoS, SQL Injection” by Mathew J. Schwartz. The main focus of the article is on the activity of certain underground hacker forums. The data security firm Imperva monitored 18 forums and released a report saying that the two hottest topics were DDoS attacks and SQL injection attacks. A distributed denial of service attack involves flooding a network with fake packets in order to make it inaccessible. The other attack, an SQL injection, involves a hacker sending their own commands into a database. If it doesn’t have the right security, the hacker can easily use commands to access the information stored in the database. Imperva also announced that SQL injection attacks are the most used type of attack against website. This announcement was backed by the fact that many security experts believe that SQL injection attacks are what caused the breach in South Carolina state databases in which thousands of credit card and social security numbers were taken.
Now that we will begin talking about SQL, I think it’s important to know that it is being used in a criminal sense. By using the same methods to retrieve and insert data in a legit business environment, a hacker could instead get important information that he otherwise should not have access to. While we learn about SQL I hope that we will also learn how to better prepare for SQL injections.
This article stood to me out because it shows that there are most likely people who are congregating on internet forums to try and learn how to use hacking techniques including SQL injection. This makes data security even more important for virtually every business out there. Hopefully the damage control for the South Carolina state attack goes smoothly and that other database admins see it as a reason to bump up security for their own systems.
Mathew J. Schwartz. (2012). Hackers Trade Tips On DDoS, SQL Injection. Available: http://www.informationweek.com/security/attacks/hackers-trade-tips-on-ddos-sql-injection/240012531?queryText=database . Last accessed November 4, 2012.