Barney's Blog

Blog archive

All I Want for Christmas Is a SQL Injection

The holidays were a bit strange this year. The economy was tough, malls were empty, and we in America awaited a new and very different presidential administration.

My own family here in North Central Massachusetts also had an odd time. Due to a massive ice storm and an inept power company, our electricity went out and I had no heat for 15 days. It didn't crank back up 'til the day after Christmas (though many, including the elderly and poor, had it far worse than I did, so no complaints here). My family huddled around a space heater on Christmas morning and were none the worse for wear.

But Christmas wasn't entirely without gifts. Wall Street had $700 billion to play with, our next president talked about an extra trillion dollars or so a year in federal spending (deficit, what deficit?) and hackers blessed the world with a new SQL injection attack.

Apparently, no systems were actually hit and no patch has been released. The news leaked out only because a security researcher let it out, leading experts to rightly criticize the disclosure.

Posted by Doug Barney on 01/07/2009 at 1:16 PM


Featured

  • Microsoft Expands Azure AD Password Lengths, Adds Conditional Access Controls

    Microsoft announced a couple of Azure Active Directory enhancements this week regarding password lengths and new conditional access controls for IT pros.

  • Attack Surface Analyzer 2.0 Available for Checking Software Installs

    Microsoft this week described Attack Surface Analyzer 2.0, an updated tool for checking software installations that's now built using open source code.

  • What Causes Hyper-V Replication Failures?

    Hyper-V replication failures happen rarely, but their impact can be catastrophic when they do. Know the scenarios that are likely to trigger a replication failure.

  • Microsoft Touts Using HyperClear To Address Intel Processor Woes

    Microsoft is again promoting its HyperClear Hyper-V hypervisor technology as a potential balm for organizations trying to come to grips with Intel's latest speculative execution side-channel attack disclosures.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.