Tag Archives: SQL Injection

Anonymous and LulzSec trawl Google Code search for security holes

by Mark Stockley on November 11, 2011 | 3 Comments
Google

A new report suggests that Google's Code Search is being used by groups such as LulzSec and Anonymous to find passwords and other private data, gain access to secure networks and decide who their next victim should be.

Share

Nokia developer network site hacked - personal information accessed

by Graham Cluley on August 29, 2011 | Leave a comment
Nokia developer network site hacked - personal information accessed

Nokia shuts down its developer network forum after a hacker accessed members' records.

Share

Anonymous hacks BART, creating even more innocent victims

by Chester Wisniewski on August 15, 2011 | 8 Comments
iStockGuyFawkesMask245

Anonymous have continued their attacks today targeting the website myBART.org part of the San Francisco Bay Area Rapid Transit system. They claim it is in retaliation for a police shooting earlier this summer and the recent mobile phone blackout implemented to prevent organized protests.

Share

Sony Portugal latest to fall to hackers

by Chester Wisniewski on June 9, 2011 | 2 Comments
SonyMusicPortugal175

Sony Music Portugal is the latest Sony asset to be targeted by hackers. Is there light at the end of the tunnel? Are there other Sony websites that are still flawed?

Share

Sony Europe hacked by Lebanese hacker... Again

by Chester Wisniewski on June 4, 2011 | 23 Comments
iwasbored245

Updated with information on 14th attack against SonyPictures.RU. Sony was hacked for the 13th time, this time exposing usernames, passwords, work emails, mobile phones and web site information on 120 Sony Europe users.

Share

PBS.org hacked... LulzSec targets Sesame Street?

by Chester Wisniewski on May 30, 2011 | 12 Comments
PBSlogo245

Public Television in the United States is the latest organization to suffer a data loss incident. What motivates these criminal data breaches? Is any organization off limits?

Share

Sony Ericsson acknowledges Canadian e-commerce site hacked

by Chester Wisniewski on May 25, 2011 | Leave a comment
SonyEricssonLogo245

Sony Ericsson is the latest Sony property to be compromised through a SQL injection attack. Over 2,000 password hashes, email addresses and full names were disclosed. This is the tenth hack in 5 weeks, will Sony stop bleeding our data soon?

Share

Sony Music Japan hacked through SQL injection flaw

by Chester Wisniewski on May 24, 2011 | 6 Comments
Sony Music Japan hacked through SQL injection flaw

Sony Music Japan has been hacked by a group known as Lulz Security. The latest breach did not expose sensitive user details, but adds to the growing list of Sony websites vulnerable to SQL injection attacks.

Share

Sony BMG Greece the latest hacked Sony site

by Chester Wisniewski on May 22, 2011 | 21 Comments
SonyBMGgr245

Another Sony website has succumbed to an attack disclosing personal details of Sony customers. SonyMusic.gr was attacked through SQL injection and information disclosed on pastebin.com.

Share

What's the deal with the Lizamoon SQL injection?

by Paul Baccas on April 1, 2011 | Leave a comment
The moon at about 3/4 phase

There has been a large amount of press in the last few days regarding "Lizamoon", the name being given to an attack which resulted in malicious code being injected into a large number of websites.

Share

MySQL.com and Sun hacked through SQL injection

by Chester Wisniewski on March 27, 2011 | 8 Comments
MySQLOracle

Proving that no website is ever truly secure, it is being reported that MySQL.com has succumbed to a SQL injection attack.

Share

ClassicCars.com hacked by Indonesian hackers

by Chester Wisniewski on February 7, 2011 | 2 Comments
hacked-250

An analysis of the defacement of classiccars.com. Find out how to secure your site against attack and some of the techniques used by our adversaries.

Share

CanSecWest 2010 Day 1

by Chester Wisniewski on March 25, 2010 | Leave a comment
Image (1) cansecbadge250.jpg for post 2786

As a Vancouverite it always seemed to be a bit of a shame that I have never attended a CanSecWest conference. This year I am here, the 11th annual CanSecWest conference, and I would like to thank Dragos Ruiu for Read more…

Share

Barack's donor data may be safe, but site was not properly secured

by Chester Wisniewski on October 31, 2009 | Leave a comment
Image (1) mybarackcookies.png for post 2947

On Monday this week I reported on donate.barackobama.com being hacked. While Blue State Digital and the Democratic Nationinal Committee may disagree, I stand by the statement. It was clear that something was incorrectly configured, whether the data that was exposed Read more…

Share

Barack Obama hacked by SQL injection

by Chester Wisniewski on October 26, 2009 | Comments Off
Barack Obama hacked by SQL injection

This story has been updated with content that supersedes much of the original content. Updates are found at the bottom of the story Hackers disclosed this morning that they have been able to compromise BarackObama.com through a SQL injection attack. Read more…

Share

Avoiding SQL injection attacks

by Fraser Howard on July 3, 2008 | Leave a comment
securing-thumb

One of the reasons the web is so popular with attackers today is that innocent sites can be compromised and used to infect large numbers of victims.

The best solution is to avoid getting hit in the first place.

Share

Wrong kind of 'accident and emergency'

by SophosLabs on June 6, 2008 | Comments Off
Default image

We have blogged about the recent SQL injection attacks a few times recently [1,2]. Though we have not mentioned it in the last few weeks, the problem has certainly not gone away. We are still seeing large numbers of sites Read more…

Share