by Hongde H
The article I read this week is about one of the latest tech company, Yahoo got hacked by SQL injection that exposes 453,000 passwords. According to TrustedSec , the exposed passwords contained a wide variety of email addresses including those from yahoo.com, gmail.com, aol.com, and much more. TrustedSec also pointed out that the passwords were stored completely unencrypted and the full 400,000+ usernames and passwords are now public.
Moreover, a hacker group calling itself D33ds posted the passwords and a host of associated email addresses online after the hack and they claimed to have used a Union-based SQL injection to steal the data, posting it online as a “wake-up call”.
SQL injection is the most dangerous hacking techniques out there. With SQL injection, a malicious attack can drop you a table or even a whole database in a few seconds and with a very simply command through your website.
I choose this article is because we are learning SQL. While learning and using SQL to help us finish our work in an efficient way, we should also beware of there are hackers unethically making use of it in certain perspectives.
Besides the purpose of “wake-up call” of the SQL problem we have been facing and solving for decades, we should all raise our attention on what we can do to protect ourselves. For example, as an SQL user, we might want to focus on things we can do to better prevent our database from SQL injection such as things to be done at the code level to prevent SQL injection. As an enterprise, ones might want to encrypt password information, create rules to filter input field contents on publicly-facing web sites to reduce the impact of SQL injections, and install and maintain security appliances to protect those zones. As an individual, ones might want to change password regularly and make his/her password stronger by making good use of letter caps, letters, numbers…etc.
Source: Chloe Albanesius (July 12, 2012) ” Yahoo Voices Breach Exposes 453,000 Passwords”
Retrieve from: http://www.pcmag.com/article2/0,2817,2407015,00.asp