SQL Injection Remains a Constant Threat


The article I picked this week is “Black Hat is Over, But SQL Injection Attacks Persist” by Victor Cruz. It opens with an attack earlier this year on Yahoo that resulted in the breach and leak of 400,000 usernames and passwords. It notes that SQL injection attacks have also recently hit companies such as Sony and LinkedIn, so this is clearly still a large threat to companies. The author gives an example of SQL injection, saying that “hackers visit a website and fill out a text field with a SQL statement such as 1+1=2, which the log-in field interprets as true, allowing it to pass as legitimate credentials (Cruz, 2012).” In practice the injected text is a tautology such as ' OR 1=1 -- rather than arithmetic: when the application pastes it into the login query's WHERE clause, the quote closes the string literal, the OR makes the condition true for every row, and the comment marker discards the rest of the query, including the password check. The server then releases confidential information because it has been tricked into treating the request as coming from a valid, logged-in user. The article goes on to state that “Privacy Rights Clearinghouse reported that 312 million data records have been lost since 2005 and 83% of hacking-related data breaches were executed via SQL injection attacks (Cruz, 2012).” It then discusses work on more reliable software for spotting SQL injection and distinguishing it from safe input. The tool in question is called “libinjection”; it handles large volumes of data by converting each input into tokens and checking the resulting token sequence for anything that may be an attempt to attack the server. The article finishes by saying that “SQL Injection attacks are automated and website owners may be blissfully unaware that their data could actively be at risk (Cruz, 2012).”
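The login bypass and the token-based check described above, as an added example of my own (not code from Cruz's article or from the libinjection project). It assumes a one-table SQLite database with a constructed sample user; the tokenizer is a deliberately small sketch of the idea of inspecting the shape of a token sequence, not libinjection's actual algorithm or token set:

```python
import re
import sqlite3


def make_db():
    """Constructed sample data (not from the article): one user in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def login_vulnerable(conn, username, password):
    """The bug the article describes: user input is pasted into the SQL text, so
    a quote character ends the literal and everything after it is parsed as SQL."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """The fix: bound parameters. The driver passes the input as data, so it can
    never change the shape of the query, whatever characters it contains."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# A much-simplified sketch of the token-based idea behind libinjection (my own
# illustration, not libinjection's algorithm): split the input into SQL tokens and
# look at the shape of the token sequence instead of matching raw strings.
TOKEN_RE = re.compile(r"""
    (?P<str>'(?:[^']|'')*')                  # complete single-quoted literal
  | (?P<num>\d+)                              # number
  | (?P<word>[A-Za-z_]\w*)                    # identifier or keyword
  | (?P<comment>--|/\*|\#)                    # comment opener
  | (?P<op>=|<>|!=|<=|>=|<|>|\(|\)|;|,)       # operators and punctuation
  | (?P<ws>\s+)                               # whitespace (dropped)
  | (?P<other>.)                              # anything else, e.g. a stray quote
""", re.VERBOSE)

KEYWORDS = {"OR", "AND", "UNION", "SELECT"}


def tokenize(text):
    """Return a list of (kind, text) tokens for a piece of input."""
    tokens = []
    for m in TOKEN_RE.finditer(text):
        kind, tok = m.lastgroup, m.group()
        if kind == "ws":
            continue
        if kind == "word" and tok.upper() in KEYWORDS:
            kind = "kw"
        tokens.append((kind, tok))
    return tokens


def is_suspicious(user_input):
    """Flag input that parses as SQL syntax rather than plain data.

    The input is tokenized twice: as-is, and as if it had landed inside an already
    open single-quoted literal, since the attacker cannot see the query it lands in.
    A comment opener, or a string/stray quote immediately followed by a boolean or
    query keyword, is the shape of a tautology or a truncated query, not of a name.
    """
    for prefix in ("", "'"):
        kinds = [kind for kind, _ in tokenize(prefix + user_input)]
        if "comment" in kinds:
            return True
        for a, b in zip(kinds, kinds[1:]):
            if a in ("str", "other") and b == "kw":
                return True
    return False


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR 1=1 --"
    # The concatenated query becomes:
    #   ... WHERE username = '' OR 1=1 --' AND password = 'anything'
    # so the tautology matches every row and the password check is commented out.
    print("vulnerable login:", login_vulnerable(conn, payload, "anything"))  # alice
    print("parameterized   :", login_safe(conn, payload, "anything"))        # None
    for s in (payload, "admin'--", "x' OR 'a'='a", "O'Brien", "Rock and Roll"):
        print(f"{s!r:16} suspicious={is_suspicious(s)}")
```

Two things worth noticing when running it. First, the concatenating version is not just exploitable but fragile: a perfectly legitimate username such as O'Brien makes it raise a syntax error, because the apostrophe ends the literal early. Second, the toy detector is far cruder than libinjection: it flags any input containing "--" and only knows four keywords, so it both over-reports and misses shapes it was not taught. That is why a token-based filter is a defense-in-depth layer in front of a site, never a substitute for parameterized queries in the application itself.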

I found the article to be relevant to this class because this will remain a threat to databases into the foreseeable future, and it will only become worse as time goes on. It is also relevant because we are currently talking about SQL in class. Since databases are constantly growing and new ones are constantly being added, there will be a greater chance of leaked data as time goes on. This is because the security of a database is only as strong as the skills or foresight of the person who set it up.

I thought it was interesting because of the topic that was covered and how it stated that 83% of data breaches have been caused by SQL injection. I also found it interesting because it covers one of the topics that was covered during a conference I went to over the summer. One of the presenters talked about SQL injection along with cross-site scripting, both of which will pose large threats to the websites and databases we will be setting up once we are out in the real world.

Cruz, V. (2012, August 2). Black Hat is Over, But SQL Injection Attacks Persist. Retrieved from Wired: http://www.wired.com/insights/2012/08/black-hat-sql-injection/