SQL Injection

Racing Post let off with stern warning after data breach

The Racing Post, which suffered a data breach affecting over 677,000 users late last year, has been slacking off on its security arrangements since at least 2007. It's been given until the end of February 2015 to get its house in order.

1.2 billion logins scooped up by CyberVor hacking crew - what you need to do

Hackers have amassed a vast collection of stolen data, including 1.2 billion unique username/password pairs, by compromising over 420,000 websites using SQL injection techniques. This data haul may yet turn out to be a 'Heartbleed' moment for website owners who assume their sites are too small to be of interest to hackers.

SSCC 158 - What do you mean, "Don't knit your own remote authentication"? [PODCAST]

Here's this week's Chet Chat security podcast for your listening pleasure.

Chester Wisniewski and Paul Ducklin of Sophos dissect the week's security news to see what we can learn from other people's mistakes...

1,000,000 lost credit cards = £150,000 fine

A UK travel company has been fined £150,000 for putting an "internal only" parking database system on the internet without securing it first.

The vulnerable system was used as a stepping stone for a crook to steal more than 1M e-commerce records.

Hacker claims breach of Wall Street Journal and Vice

W0rm's been quite busy and has already pulled this on CNET, and likewise is again offering to sell user data and server credentials for one Bitcoin.

Monday review - the hot 22 stories of the week

Here you go. All the stories we wrote in the past seven days, in case you missed anything (or just want to read them again).

How to report a computer crime: SQL injection website attack

What would you do if your website was compromised by SQL injection? Do you know how you would go about reporting the crime to the authorities?

LulzSec hacker pleads guilty to Sony Pictures attack, faces prison sentence

A former member of the LulzSec hacking gang has admitted to attacking the Sony Pictures website, and stealing the personal information of thousands of innocent individuals.

TinKode sentenced after hacking Oracle, NASA and others to expose weak security

The infamous hacker known as TinKode has been sentenced by a Romanian court - receiving a hefty fine and a suspended prison sentence.

Philips hacked, plaintext passwords revealed as R00tbeer gang strikes again

R00tbeer is back, we're sorry to say. This time the victim is Dutch technology giant Philips.

Paul Ducklin looks at some of the mistakes made by Philips, cracks some of the stolen hashes to remind you about password choice, and keeps us mindful of the real offenders here.

Hackers get into AMD and steal over 30,000 - wait for it - BYTES!

A hacker calling himself r00tbeer has announced on Twitter a hack of chip vendor and Intel rival AMD.

More of a hackette, really, but there's a lesson in there anyway...

Yahoo Voices hacked, nearly half a million emails and passwords stolen

Yahoo Voices suffers a serious security breach, with over 450,000 unencrypted usernames and passwords posted online by hackers.

LinkedIn slapped with $5 million class action suit over leaked passwords

LinkedIn has been served with a potential $5 million class-action lawsuit, filed on behalf of all users, that charges the company with failing to use "basic industry standard" security practices.

Anonymous and LulzSec trawl Google Code search for security holes

A new report suggests that Google's Code Search is being used by groups such as LulzSec and Anonymous to find passwords and other private data, gain access to secure networks and decide who their next victim should be.

Nokia developer network site hacked - personal information accessed

Nokia shuts down its developer network forum after a hacker accessed members' records.

Anonymous hacks BART, creating even more innocent victims

Anonymous have continued their attacks today, targeting the website myBART.org, part of the San Francisco Bay Area Rapid Transit system. They claim it is in retaliation for a police shooting earlier this summer and the recent mobile phone blackout implemented to prevent organized protests.

Sony Portugal latest to fall to hackers

Sony Music Portugal is the latest Sony asset to be targeted by hackers. Is there light at the end of the tunnel? Are there other Sony websites that are still flawed?

Sony Europe hacked by Lebanese hacker... Again

Updated with information on 14th attack against SonyPictures.RU. Sony was hacked for the 13th time, this time exposing usernames, passwords, work emails, mobile phones and web site information on 120 Sony Europe users.

PBS.org hacked... LulzSec targets Sesame Street?

Public Television in the United States is the latest organization to suffer a data loss incident. What motivates these criminal data breaches? Is any organization off limits?

Sony Ericsson acknowledges Canadian e-commerce site hacked

Sony Ericsson is the latest Sony property to be compromised through a SQL injection attack. Over 2,000 password hashes, email addresses and full names were disclosed. This is the tenth hack in 5 weeks. Will Sony stop bleeding our data soon?