SQL Injection


Beware websites with search facilities. Beware websites that use passwords and database-driven content. Some of these websites, even ones you trust, have been compromised and are attacking your workstations.


"SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another."


In other words, a website developer has used a SQL database to deliver the content you want to view. Malware or an exploit has allowed someone to type strings of text into the search boxes (or other boxes) that the database was not expecting, causing it to misbehave and possibly to inject malware onto its host server. Most often, the attacker gets to load their own programs into the web server's filesystem, gets these programs to run automatically, and then looks for people to attack.


You, as the visitor, then come to the website and type in your search query, and for your trouble, something downloads and infects your PC.


This infection is allowed through your firewall because it appears to be requested by you, and a firewall always lets through what you request.


Your antivirus is then likely compromised and nothing can see the infection. This normally means there is nothing to protect you except your surfing habits.


This is not something you can fix at your end. Webmasters and programmers need to be smarter about the way they design their websites. You can certainly be restrained and only visit specific websites you trust, but this is a moving target.
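
What a smarter design looks like for a database-backed search box, as an added example that is not from the original article: the first search function pastes the visitor's text into the SQL statement, the second binds it as a parameter. The table, its rows, the function names and the crafted input are all constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (title TEXT, published INTEGER)")
    db.executemany(
        "INSERT INTO articles VALUES (?, ?)",
        [("Holiday opening hours", 1),
         ("Spring newsletter", 1),
         ("DRAFT: staff password reset notes", 0)],  # not meant to be public
    )
    return db

def search_vulnerable(db, term):
    # Weak: the visitor's text is pasted into the SQL statement, so a quote
    # character in the search box ends the string literal and the rest of
    # the input is parsed as SQL instead of being searched for.
    sql = ("SELECT title FROM articles WHERE published = 1 "
           "AND title LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]

def search_safe(db, term):
    # Hardened: the statement text is fixed and the input is bound as a
    # parameter, so the database only ever treats it as a value to match.
    sql = ("SELECT title FROM articles WHERE published = 1 "
           "AND title LIKE '%' || ? || '%'")
    return [row[0] for row in db.execute(sql, (term,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR published = 0 --"  # constructed input containing a quote
    print("normal, vulnerable: ", search_vulnerable(db, "newsletter"))
    print("crafted, vulnerable:", search_vulnerable(db, crafted))
    print("normal, safe:       ", search_safe(db, "newsletter"))
    print("crafted, safe:      ", search_safe(db, crafted))
```

With the crafted input, the first function returns the unpublished row because the database was handed a different statement from the one the developer wrote; the second returns nothing because the same text is only compared against titles.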


Through Malvertisements (see my Malware Glossary) and SQL injections, a number of trusted websites have recently been attacked. This has included everything from government sites to footy tipping and even charity websites.


As examples:


From the above list, you might stay away from AOL sites, but many people have ninemsn as their default page. Lots of people use Whitepages to look up phone numbers! How can you protect yourself if these things get through and avoid firewalls and the like?


At this point in time, you can't. You need to be an alarmist, and if something on your PC does not look or feel right after being on the internet, you need to tell someone.







