Monday, June 12, 2006

'SQL injection' attacks on the rise

"'SQL injection' targets Internet databases that use a programming code called Structured Query Language. Nearly every Internet database in America uses SQL. And nearly any company that has data on customers -- from banks and phone companies to newspapers -- uses SQL on their Web sites. While many cyber-evildoers write worms and viruses to wreak havoc on a mass scale, those using SQL injection can pinpoint Web sites, enter in SQL code in log-in screens, and potentially trick the sites into giving them access. For Web sites not properly protected, hackers could type something as simple as 'when 1 = 1...' Since one always equals one, the possibility exists that the program would get confused and grant a hacker entry. ... But it's not necessarily the number of attacks that worries Cote; it's the increasing severity and sophistication of them. Other network security companies, such as Atlanta-based SPI Dynamics Inc., concur."
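The log-in weakness the article describes, shown beside its fix, as an added example that is not part of the original post or the quoted article. The table, the function names and the sample input are assumptions constructed for illustration, using Python's built-in sqlite3 module.

```python
import hashlib
import hmac
import sqlite3

def pw_hash(password):
    # Fixed salt only to keep the example short; use a per-user salt in practice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000).hex()

def make_db():
    """Constructed in-memory user table for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", pw_hash("correct horse")))
    return db

def login_vulnerable(db, name, password):
    # Weak form: input is pasted into the SQL text, so it can change the
    # logic of the WHERE clause instead of being compared as a value.
    query = ("SELECT name FROM users WHERE name = '%s' AND pw_hash = '%s'"
             % (name, pw_hash(password)))
    return db.execute(query).fetchone() is not None

def login_safe(db, name, password):
    # Hardened form: the placeholder keeps input as data; it is never parsed as SQL.
    row = db.execute("SELECT pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], pw_hash(password))

# Constructed log-in input carrying the always-true condition from the article.
TAUTOLOGY = "x' OR 1 = 1 --"

if __name__ == "__main__":
    db = make_db()
    for fn in (login_vulnerable, login_safe):
        print(fn.__name__,
              "valid login:", fn(db, "alice", "correct horse"),
              "tautology input:", fn(db, TAUTOLOGY, "wrong"))
```

The concatenated query accepts the constructed input because the always-true condition becomes part of the WHERE clause, while the parameterized query treats the same input as a user name that does not exist.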

