Occupy SQL: We are the 97%

by Brian T
Most everyone at this point is familiar with groups like Anonymous and the league of imitators that try to prove their worth by exploiting websites and penetrating systems. While these actions have garnered respect from, and impressed, some online communities, a study cited by Barclays’ lead payment security officer Neira Jones concludes that approximately 97% of data-compromising cyber assaults globally are the result of SQL injections. The piece mentions that although the attack method has been in practice for over a decade, its actual usage is simply not acknowledged by website/database programmers, meaning that basic steps to prevent such injections are never implemented.

Picture a loophole in any form of contract. If that loophole is exploited time after time after time, and no attempt to revise the contract is ever made, the contract will begin to lose its integrity and purpose.

The first task established to help close this loophole is updating and improving information security practices among coders. The article explains that the initial step in lowering the frequency of these attacks is to ensure that programmers are well-versed in writing air-tight, solid, and minimally exploitable SQL code. Once this training reduces assaults, more specialized security teams will then tackle the remaining (and more sophisticated) malicious techniques that hackers use to manipulate targeted databases.

Considering we are to learn all about SQL in the upcoming class sessions, I believe this article helps show that computer forensic experts are not always solely responsible for system breaches. Weight also rests on the programmers who should utilize safe practices in their own labors – after all, their work is fundamental and a structurally sound system starts from the bottom up. Since our generation is poised to assume these types of roles in the relatively near future, we must garner knowledge from stories like this one that will (hopefully) make us ever-so-slightly more prepared to do so.

 

Source:

Curtis, S. (2012, January 22). Avoidable attacks cause most data breaches. Retrieved from http://www.pcworld.com/article/248530/avoidable_attacks_cause_most_data_breaches.html

5 thoughts on “Occupy SQL: We are the 97%”

  1. Cool article. It’s really interesting to know that SQL injections have been going on for that long yet no one has bothered to do anything to prevent these attacks from happening in the first place. But maybe there haven’t been many techniques in prevention because no one had thought that SQL statements could be used in this malicious way when it first started out. However, now that people know that these attacks are happening, coders can have a better idea of what needs to be done in order to defend themselves.

  2. Interesting article. I had no idea that SQL injection accounted for 97% of all data-compromising cyber assaults. I also had no idea that this has been a problem for over a decade. This article will help me to realize this is a problem and is something that I need to look out for.

  3. I don’t understand why it is that they know about this issue but the programmers are not doing anything to prevent it while writing the code. The article states that the hackers have used the same method for a decade and nothing’s been done about it? Either someone’s lazy or they are trying to stop it but get outsmarted by the hackers.

  4. (attempting to use the Facebook comment again, hope this works *crosses fingers*).

    Everything with Anonymous has been exploding in the nation as of late and everyone seems to be eating it up. Finding out now that they are using SQL injection to do it is amazing to me, considering this shouldn't still be a problem for most people. Think of how many students in class have already written articles about companies being hacked by SQL injection; why this is still happening is beyond me. Amazing find with this article, I definitely would love to hear more!

