02 May 2008

If we're not secure, what hope do you have?

Via Wired

A new SQL injection attack aimed at Microsoft IIS web servers has hit some 500,000 websites, including the United Nations, UK Government sites and the U.S. Department of Homeland Security. […] However, the vulnerability is the result of poor data handling by the sites’ creators, rather than a specific Microsoft flaw.

In other words, there’s no patch that’s going to fix the issue, the problem is with the developers who failed to follow well-established security practices for handling database input.

Woo, don’t I feel secure now! The Department of Homeland Security can’t even manage to prevent basic network-based attacks on their public websites.

Posted by orbital at 7:31 AM