Today is the first day of Wimbledon 2008, one of the four grand slams. With a large global audience, viewing figures for these top tournaments are huge. Similarly, the volume of users browsing the various web sites associated with world tennis is also large.
Last week, a web site for one of the professional players' associations was compromised. Yes, regular readers, you guessed it: via an SQL injection attack [1,2,3]. We contacted them, and they are working on fixing the issue. In my opinion, not fast enough for a site that attracts a few thousand visitors each day (according to its Alexa stats). At the time of writing the site is still serving up the malicious script tags.
Today, I noticed another major tennis-related site had been hit, this time one associated with the administration of the game. We have contacted the administrators of the site and advised them of the issue. Given that over 20,000 users per day browse the site (according to Alexa stats), let's hope they are quick to resolve the issue.
For site administrators, such defacements present an interesting dilemma, in which keeping the site up and protecting visitors from malicious code have to be "balanced". Personally, I believe that affected sites should be taken down, or made safe, as soon as the problem is known. Knowingly exposing users to malicious code for the sake of keeping a site up, even while people are actively working on cleaning up the database(s), is all too common.
For the time being it is clearly still "Advantage, Attackers".