Dozens of College Servers Breached by SQL Injection{2}


Not only is the design and performance of databases an important aspect in the way databases work, but also the security of a database. There are many types of attacks that can be done to a database and the most common is a SQL injection. In a news article from CNET, hackers were able to collect thousands of personal data of students from college databases worldwide through the use of SQL injections. More than fifty universities were affected, and some of the top name colleges include Harvard, Princeton, and Stanford. To make matters worse, some 140,000 records were posted online for all to download. The information includes usernames and passwords, addresses, phone numbers, and some payroll information regarding both students and faculty. The mastermind behind this data dump is apparently by a group called GhostShell, whose intent was not to reveal personal data, but was to “focus on higher education.” However, the group not only found personal data, but also discovered that malware were already injected in the first place, showing the security risks many of these database servers have.

With the introduction of moving the business rules and its data to the SQL server, it is very important to also focus on the security of the sever. Security implementations must be done at a very early stage and testing should be done as well to verity the security measures put in place. The use of SQL injections include the many commands that we are learning in chapter five. Common commands such as SELECT, FROM, WHERE can be used in for something called a blind SQL injection, where the hackers try different statements to see if they can find vulnerabilities.

It seems that many SQL databases are very prone to SQL injections, even from huge companies such as Sony. Sony’s PlayStation Network was hacked last year through SQL injections as well and thousands of personal information was breached, including credit card information. Since this is the case, there must be a solid way to prevent SQL servers from attack by hackers. Apparently it is easy enough for hackers to steal personal information from various severs worldwide, therefore tight security is a must for database administrators and designers.

Source:

Musil, S. (2012, October 3). Hackers post data from dozens of breached college servers. Retrieved November 11, 2012, from http://www. http://news.cnet.com/8301-1009_3-57525684-83/hackers-post-data-from-dozens-of-breached-college-servers/