Volume 3, Number 25 -- July 26, 2006

SQL Injection Attacks Being Used by Hackers for Profit

Published: July 26, 2006

by Alex Woodie

IT security firm SecureWorks last week reported a sharp rise in so-called "SQL Injection" attacks across the Web since April. The attacks, which involve a hacker injecting malicious code into a form connected to a database through a Web site, are originating from overseas, and are becoming increasingly successful tools for committing financial crimes, the company says.

SecureWorks CTO Jon Ramsey explains how popular SQL Injection attacks have become. "From January through March, we blocked anywhere from 100 to 200 SQL Injection attacks per day," he says. "As of April, we have seen that number jump from 1,000 to 4,000 to 8,000 per day."

SecureWorks continuously monitors the state of malware on the Web for its clients, which use its intrusion prevention system for servers and networks. "Although we certainly see a higher volume with other types of attacks, what makes the SQL Injection exploits so worrisome is that they are often indicative of a targeted attack," Ramsey says.

As opposed to a worm, which spreads indiscriminately, a SQL Injection attack by its nature is a targeted attack. The attacks can affect any type of dynamic input box for a Web form connected to any standard SQL database. An easy way to prevent such attacks is to validate the data before submitting the query, but not all Web sites take this step.
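The validation step described above, shown as an added example that is not part of the original article: a form lookup that pastes input into the SQL text, next to one that validates the field first. The table, the field rule, and the function names are assumptions for illustration, and the parameter binding in the second function goes one step beyond the validation the article mentions.

```python
import re
import sqlite3

# Constructed sample data: a tiny customer table standing in for the
# database behind a Web form.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, card TEXT)")
    db.executemany("INSERT INTO customers (name, card) VALUES (?, ?)",
                   [("alice", "4111-XXXX-0001"), ("bob", "4111-XXXX-0002")])
    return db

def lookup_unvalidated(db, name):
    # Weak form: the field value is pasted into the SQL text, so any quote
    # character in it changes the structure of the query.
    sql = "SELECT name, card FROM customers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

# Assumed policy for this field: 1-32 letters, digits, or underscores.
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def lookup_validated(db, name):
    # Validate before submitting the query, as the article describes.
    if not NAME_RE.fullmatch(name):
        raise ValueError("rejected form input")
    # Addition beyond the article: bind the value as a parameter so it is
    # always treated as data, even if the validation rule is later loosened.
    return db.execute("SELECT name, card FROM customers WHERE name = ?",
                      (name,)).fetchall()

def demo():
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed form input containing quotes
    leaked = lookup_unvalidated(db, crafted)
    try:
        lookup_validated(db, crafted)
        rejected = False
    except ValueError:
        rejected = True
    # (rows returned by the weak form, crafted input rejected?, normal lookup)
    return len(leaked), rejected, lookup_validated(db, "alice")

if __name__ == "__main__":
    print(demo())
```

The unvalidated lookup returns every row in the table for the crafted input, while the validated lookup rejects it and still serves an ordinary name.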

Several recent criminal attacks have utilized the SQL Injection method, including last year's CardSystems security breach, where hackers stole 263,000 customer credit card numbers and exposed 40 million more, SecureWorks says. And last December, Russian hackers broke into a Rhode Island government Web site and stole up to 53,000 credit card numbers.






Editor: Alex Woodie
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed

Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034
