Click here to receive your FREE subscription to Campus Technology
News
Microsoft Advisory Targets SQL Injection Attacks
6/25/2008
|
|
Microsoft Tuesday issued a new security advisory after the discovery of "a recent escalation in a class of attacks" targeting Web sites. The exploits are associated with Microsoft's Active Server Pages (ASP) and the ASP.NET 2.0 Framework, with SQL Server used as an entry vector for so-called SQL injection attacks.
ASP lets developers create dynamic Web pages, supporting interactive browser-based applications and e-commerce by connecting with a relational database (such as SQL Server) on the back end.
Even though Microsoft's technologies are used in the attacks, the fault lies with Web site developers that haven't followed the best practices for security, according to Redmond.
"[The attacks] do not exploit a specific software vulnerability, but instead, target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database," wrote Bill Sisk, security response communications manager for Microsoft in an e-mail to Redmondmag.com on Tuesday.
Microsoft's advisory describes three tools that can help protect individual Web sites from SQL injection attacks, according to Sisk. You can also find links to these tools at Microsoft's data platform blog here. According to Redmond, the free and downloadable tools come with detection and defense features.
SQL injection attacks are becoming increasingly common. In April, security consultancy White Hat identified isolated cases of SQL-based Web sites injected with malicious JavaScript code. Perhaps the worst of it was seen January, when a widespread barrage of SQL injection attacks occurred. At that time, tens of thousands of Windows- and SQL-based workstations were affected, as well as several thousand Web sites with .gov and .edu domain suffixes. Many of the problems were remedied before serious damage could be done.
Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others. You can contact Jabulani at editor@entmag.com.
Cite this Site
copy text (above) for proper citation
Recommended Reading
- Zoho Launches Online Document Management Tool
Online collaborative technology developer Zoho has launched its new Zoho Docs, a Web-based document management tool that's designed to integrate with Zoho's online spreadsheet, presentation, and document creation software.
- Red Hat Makes Strategic Virtualization Buy
Open source server distributor Red Hat Inc., which is carving out a virtualization path unique in the industry, added another arrow to its quiver Thursday with the acquisition of Qumranet Inc.
- Security Exploits to Google Chrome Browser Emerge
Google's Chrome Web browser--complete with quirky marketing comic book--made a splash when announced Tuesday, but what a difference a day makes. On Wednesday, proof-of-concept bugs affecting the Internet app were disclosed. Chrome is still early in its first public beta.
- Sun xVM VirtualBox 2.0 Hypervisor Adds 64-bit Support, Bolsters Performance
Sun Microsystems this week rolled out version 2.0 of its xVM VirtualBox. The product is a cross-platform, open source hypervisor that supports hosts ranging from Mac OS X and Windows to Solaris and 18 varieties of Linux.
- Rarity for China Schools: Nanjing University Deploys Campus-wide Wireless LAN
Nanjing University of Posts and Telecommunications in China has deployed a campus-wide wireless LAN (WLAN) from Motorola. The WLAN will enable multimedia Internet-based teaching, automatic academic office management, Internet access, long-distance teaching, and other services. Nanjing University of Posts and Telecommunications is one of the few universities in China to provide complete wireless LAN coverage to every building in addition to the campus' outdoor spaces.
- Pac-10 Teams Score Competitive Insight with BlueArc Storage
The Pacific-10 Conference (Pac-10), a group of sports teams from 10 colleges and universities, has expanded the use of its BlueArc Titan storage solution housed at the University of California, Los Angeles (UCLA) to store dozens of terabytes of game footage. In the 2008-2009 season, all of the Pac-10 football, women's volleyball, and men's and women's basketball teams will access opponents' video for competitive analysis from Titan storage.
