SQL Injection Remains a Constant Threat

by Brian B
The article that I picked this week is named “Black Hat is Over, But SQL Injection Attacks Persist” by Victor Cruz. The article starts off by talking about an attack that happened earlier this year that resulted in a breach and leak of 400,000 usernames and passwords from Yahoo. It says that SQL injection attacks have also affected companies such as Sony and LinkedIn recently, so this is obviously still a large threat to companies. The author gives an example of SQL injection saying that “hackers visit a website and fill out a text field with a SQL statement such as 1+1=2, which the log-in field interprets as true, allowing it to pass as legitimate credentials (Cruz, 2012).” This causes the server to release confidential information accidentally because it has been tricked into thinking that a valid user has logged into the system. The article goes on to state that “Privacy Rights Clearinghouse reported that 312 million data records have been lost since 2005 and 83% of hacking-related data breaches were executed via SQL injection attacks (Cruz, 2012).” The article goes on to talk about how more reliable software is being developed to detect SQL injection and distinguish it from safe input. The tool in question is called “libinjection” and is able to sort through heaps of data by converting input into tokens and checking those resulting tokens for anything that may be an attempt to attack the server. The article finishes by saying that “SQL Injection attacks are automated and website owners may be blissfully unaware that their data could actively be at risk (Cruz, 2012).”

I found the article to be relevant to this class because this will remain a threat to databases into the foreseeable future and it will only become worse as time goes on. It is also relevant because we are currently talking about SQL in class. Since databases are constantly growing and new ones are constantly added, there will be a greater chance of leaked data as time goes on. This is because the security of the database is only as strong as the skills or foresight of the person who set it up.

I thought it was interesting because of the topic that was covered and how it stated that 83% of data breaches have been caused by SQL injection. I also found it interesting because it covers one of the topics that were covered during a conference I went to over the summer. One of the presenters talked about SQL injection along with Cross Site Scripting, both of which will pose large threats to websites and databases that we will be setting up once we are out in the real world.

Cruz, V. (2012, 08 02). Black Hat is Over, But SQL Injection Attacks Persist. Retrieved from Wired: http://www.wired.com/insights/2012/08/black-hat-sql-injection/

5 thoughts on “SQL Injection Remains a Constant Threat”

  • November 11, 2012 at 6:06 pm

    SQL Injection attacks are definitely a threat. The numbers you talk about in your article are proof of that. I am interested to see what kinds of security measures are and will try to use to prevent this from happening further. Companies who store credit card information definitely need to work on this and find a solution fast. Good article!

  • November 11, 2012 at 6:43 pm

    I did an article last week that also talked about SQL injections. I did not know that SQL injections were so prevalent in big companies such as Yahoo and Sony. The fact that 83% of hacking-related data breaches were through SQL injection proves that it is the most preferred form of hacking. SQL injections are a growing threat and it is an important aspect that we must bring attention towards.

  • November 11, 2012 at 7:27 pm

    Nice post, it is very similar to mine. With more and more cases like Yahoo happening, SQL injection is definitely a big problem that gets our attention. In my post, I listed out certain ways that we can reduce or avoid getting hurt from SQL injection. But yours also covers what my post doesn’t. I’d suggest everyone read both. Nice work. Thanks

  • November 11, 2012 at 8:00 pm

    My past two articles have been about SQL injection attacks. My article this week talks about one possible way to remove vulnerabilities from Java code using SQL statements. However, reading this article showed that it is still a very relevant kind of attack. Hearing this really makes me want to learn about more ways of preventing this type of hack. Thanks for the post.

  • November 11, 2012 at 9:00 pm

    I just did my post on how to reduce damage from SQL injection. I have no doubt that SQL injection is creating serious damage to many businesses, including major companies. I found out there are many different types of SQL injection methods while I was reading through articles regarding SQL injection, and there are many different prevention techniques according to each type of injection. Using a prepared statement is one of many ways to prevent SQL injection.
