Oh the irony!
An internet-security company unable to secure their own database from SQL injection.
*sigh*
http://hackersblog.org/2009/02/07/us...sql-injection/
oops
You will find, like any large organisation, that the team that managed the website had nothing to do with the team that made their software.
What this does show is that, once again, you get what you pay for. There are FAR too many shoddy 'web development' firms out there. Far too many of the people use technologies like PHP with Magic Quotes that allow unsanitised input straight into the SQL.
And for the actual database, people advocate things like MySQL, which are really only just getting up to the 'grown ups' table, and are still horrifically lagging behind.
But given that most of the web developers just aren't up there on the whole developing securely, and maintainably whilst quickly plate. Some of them are pushing the barriers faster than any others I've ever seen. But it does seem to have its share of cowboys.
In all honesty, I just can't see why a site like theirs wouldn't be abstracted away. If you're writing SQL you HAVE to ask why? What mistakes have been made? Why aren't you leveraging an ORM? Preferably with an expression tree over the top.
throw new ArgumentException (String, String, Exception)
Whoopsie daisy!
I wonder if they got the Barclay's customer database too?
Damn, and I was always recommending either Kaspersky or Eset security products. Looks like just Eset from now on then.
There's still nothing wrong with Kaspersky, just the idiots that built the website.
haha yer
I always recommend Eset Nod32 or AntiVir, because AntiVir seems better in some places and is free.