Re: Block SQL Injection

April 20, 2011 11:10PM
I was easy... So you would use some admin's stupidity to back up 23
years of experience? That makes no sense to me, but hey, it's OK, it's the
internet after all.

Hope you find an answer to your problem

On 4/20/11, Cliff Wells <cliff@develix.com> wrote:
> On Wed, 2011-04-20 at 17:43 -0700, Payam Chychi wrote:
>> Cliff Wells wrote:
>> > On Thu, 2011-04-21 at 04:22 +0700, Joe wrote:
>> >
>> >> Put a daily backup on your databases. :)
>> >>
>> >
>> > That doesn't really solve the issue. Once someone has compromised the
>> > database, they can usually leverage that to gain wider system access.
>> >
>> > Cliff
>> >
>> >
>> >
>> > _______________________________________________
>> > nginx mailing list
>> > nginx@nginx.org
>> > http://nginx.org/mailman/listinfo/nginx
>> >
>> >
>> How does exploiting your db = wider system breach? Sorry, but that makes
>> no sense
>
> Easy. What data does your database store? Quite probably usernames and
> passwords. A fundamental truth is that people often use the same
> passwords for multiple services. If you can obtain the password for a
> company's CMS or Webmail application, chances are you now have their
> password for multiple services.
>
> For a recent and well-publicized example of this type of intrusion,
> members of Anonymous hacked HBGary's database via a SQL-injection attack
> on their CMS, which eventually led to compromised email accounts. They
> then leveraged this to obtain more sensitive information via social
> engineering (using a stolen email address to get ssh passwords).
>
> http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars
>
>> and I've been doing system/network security & networking for
>> over 10 years.
>
> Well, I've been doing it for 23 years, so give yourself a little more
> time.
>
> Regards,
> Cliff

--
Sent from my mobile device

Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer
