Dozens of College Servers Breached by SQL Injection

by Eric C
Not only is the design and performance of databases an important aspect of the way databases work, but so is the security of a database. There are many types of attacks that can be carried out against a database, and the most common is a SQL injection. In a news article from CNET, hackers were able to collect thousands of personal data of students from college databases worldwide through the use of SQL injections. More than fifty universities were affected, and some of the top-name colleges include Harvard, Princeton, and Stanford. To make matters worse, some 140,000 records were posted online for all to download. The information includes usernames and passwords, addresses, phone numbers, and some payroll information regarding both students and faculty. The mastermind behind this data dump is apparently a group called GhostShell, whose intent was not to reveal personal data, but to “focus on higher education.” However, the group not only found personal data, but also discovered that malware had already been injected in the first place, showing the security risks many of these database servers have.

SQL Knowledge

by Jasmine C
My article was about how auditors can use SQL and also just some basic fundamental statements that users should know. For auditors, SQL contains all the features that they will ever need to work with a database. Basic statements allow auditors to easily gather and process data relevant to their needs and display it in a way that is appropriate for their purpose. As we all know, the basic statements of SQL are SELECT, INSERT, DELETE, and UPDATE. The article discusses the need for each of these statements and also provides a few examples of how they are each used. SELECT is the first statement, with the purpose of extracting data. Within the SELECT statement, you can have specific commands or functions that you would like to use to manipulate your data. For example, you can use the ORDER BY command to sort the data, you can use string functions to perform string expressions, and you can also use arithmetic expressions in a SELECT statement. With the other statements, UPDATE, DELETE and INSERT, their purpose is to modify a database. The other good thing about this article was that it listed some sites where people could go to learn more about SQL. Some of the sites will even allow you to run statements and see the results.