MySQL.com Victim of SQL Injection Attack

Introduction On 27th March 2011 a message was posted on the popular Full Disclosure mailing list exposing a recent hack against the website mysql.com. This vulnerability was apparently also reported by a hacker called TinKode, who also claims to have found a cross site scripting…

Read more

Cross Site Scripting Attacks

Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records. Cross Site Scripting (also known as XSS…

Read more

You can’t change what you tolerate

Attending a recent meeting I heard one of the speakers say “You can’t change what you tolerate.” Apparently it’s a quote from Cesar Millan (the dog whisperer) but it really struck a chord in me regarding web application security and overall information risk management. How…

Read more

How to Avoid the Google Blacklist

In the ‘old days’ – around 4 to 6 years ago, when the Google Blacklist was less of a news item – hackers were primarily interested in stealing customer data from websites. They would cause absolute havoc after breaking in, stealing anything from customer credit card…

Read more

General Facts and Figures on Web Hacking

Facts about Web Hacking Verizon Business conducted a 2009 study of 90 Web data breaches. The results of this study were presented in The Data Breach Investigative Report (DBIR) and included the following facts and figures: 285 million data records were exposed in the 90…

Read more