David Litchfield's Weblog

Home
Archives
NGSSoftware
DatabaseSecurity.com


Greymatter Forums

November 2007
SMTWTFS
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30  

Valid XHTML 1.0!

Powered By Greymatter

RSS 1.0 FEED
RSS 2.0 FEED
Atom 0.3 FEED
Powered by gm-rss 2.0.1
Home » Archives » November 2007 » A new SQL Injection Breach

[Previous entry: "11g UTL_HTTP update"] [Next entry: "Navy vs. Notre Dame"]

11/04/2007: "A new SQL Injection Breach"


Via Adam (thanks, brother!), a confirmed SQL injection based breach has recently been announced: Scarborough & Tweed, an online distinctive gift e-outlet based in Pleasantville, NY, has reported a breach. This is a black and white case of SQL injection as they say so. This is fantastic - the more colourful a breach notification can be the better - give us the details!!! To be honest I don't care if my information is 0wn3d - I care *how* it is 0wn3d. The only way industry can improve is by learning by the mistakes of previous netstumblers. If those who suffer such breaches don't suffer unto us the details then it's not worth the paper it's written on.