Click here to receive your FREE subscription to Campus Technology
News
Microsoft Advisory Targets SQL Injection Attacks
6/25/2008
|
|
Microsoft Tuesday issued a new security advisory after the discovery of "a recent escalation in a class of attacks" targeting Web sites. The exploits are associated with Microsoft's Active Server Pages (ASP) and the ASP.NET 2.0 Framework, with SQL Server used as an entry vector for so-called SQL injection attacks.
ASP lets developers create dynamic Web pages, supporting interactive browser-based applications and e-commerce by connecting with a relational database (such as SQL Server) on the back end.
Even though Microsoft's technologies are used in the attacks, the fault lies with Web site developers that haven't followed the best practices for security, according to Redmond.
"[The attacks] do not exploit a specific software vulnerability, but instead, target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database," wrote Bill Sisk, security response communications manager for Microsoft in an e-mail to Redmondmag.com on Tuesday.
Microsoft's advisory describes three tools that can help protect individual Web sites from SQL injection attacks, according to Sisk. You can also find links to these tools at Microsoft's data platform blog here. According to Redmond, the free and downloadable tools come with detection and defense features.
SQL injection attacks are becoming increasingly common. In April, security consultancy White Hat identified isolated cases of SQL-based Web sites injected with malicious JavaScript code. Perhaps the worst of it was seen January, when a widespread barrage of SQL injection attacks occurred. At that time, tens of thousands of Windows- and SQL-based workstations were affected, as well as several thousand Web sites with .gov and .edu domain suffixes. Many of the problems were remedied before serious damage could be done.
Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others. You can contact Jabulani at editor@entmag.com.
Cite this Site
copy text (above) for proper citation
Recommended Reading
- IMS/NGN Forum 'Plugfest' Eyes UC
In a way, it's not surprising that the sixth IMS/NGN Forum interoperability "plugfest," and the first to be held since the organizations formerly merged this week, will drill down into the unified communications (UC) space.
- Microsoft Promises To Improve UAC in Windows 7
Microsoft has been talking about future changes to Windows Vista's most maligned feature, User Account Control (UAC). This security feature, which alerts users via popup boxes, may get modified with Microsoft's next-generation Windows OS, according to the "Engineering Windows 7" blog.
- 'Blog Action Day' Calls for Discussion of Poverty
The second annual Blog Action Day takes place today, bringing together 8,000-plus blog, podcast, and videocast sites to post about the same issue on the same day. This year's topic is poverty. The purpose of the effort is, according to organizers, "to create a discussion. We ask bloggers to take a single day out of their schedule and focus it on an important issue. By doing so on the same day, the blogging community effectively changes the conversation on the web and focuses audiences around the globe on that issue. Out of this discussion naturally flow actions, advice, ideas, plans, and empowerment."
- Apple Refreshes Entire Notebook Line
Apple has refreshed its entire notebook lineup--including the MacBook, MacBook Pro, and MacBook Air--adding in expanded graphics capabilities, greater storage capacities, and, in some cases, faster CPUs. Al of the new models are available now, except for the MacBook Air, which will ship in November.
- American U Takes 'Campus Experience' Online
American University in Washington, DC has signed with media agency Realview TV to design, produce, and stream the school's online "Virtual Campus Experience." The video will showcase its students, faculty, and virtual campus on the Web via an interactive video-based micro site that's designed to match the school's brand.
- Is Higher Ed Technology Keeping Up with Student Demand?
Students see campus technology is a key factor in selecting a college or university and consider it critical for their professional development. Yet higher education institutions on the whole aren't keeping up with student needs in this area, according to a new report released Monday by CDW Government (CDW-G).
