SQL Injection Theft{2}


by Daniel M
The article that i read was about a group of people who were indicted for stealing 130 million credit card numbers by hacking into heartland payment systems. The men used SQL injection to steal the credit card numbers. The men were given 17- 25 years in prison. The article then talks about about how one form of SQL injection is when SQL commands and queries are embedded into the vales passed as usernames. The article says that “Another type of SQL injection involves passing a text string (of SQL commands) in place of a numeric value.” According to the article SQL injection almost solely affects  business and organizations, not individual users. The article also talks about how a lot of companies are vulnerable to SQL injection because of their lack of security against it. The article finishes with saying that SQL injections are relatively easy to prevent.

I think that this article is relevant to the class because it shows us that SQL injection is a problem for organizations. This means that we can use this knowledge to be prepared and make sure that we protect ourselves form SQL injection attacks. I find it interesting that SQL injection is such a huge problem and companies still don’t protect themselves as well as they should. So many companies can lose a lot of money or user information from something that is fairly simple to prevent. The article also talks about how a lot of people end up getting caught when they try to use SQL injection to hack into companies so it is not a good idea to try it.

 

Reference:

Albanesius, C. (2010, May 21). Inside the biggest online theft case. PC Magazine, Retrieved from http://www.pcmag.com/article2/0,2817,2363293,00.asp