All I Want for Christmas Is a SQL Injection
The holidays were a bit strange this year. The economy was tough, malls were empty, and we in America awaited a new and very different presidential administration.
My own family here in North Central Massachusetts also had an odd time. Due to a massive ice storm and an inept power company, our electricity went out and I had no heat for 15 days. It didn't crank back up 'til the day after Christmas (though many, including the elderly and poor, had it far worse than I did, so no complaints here). My family huddled around a space heater on Christmas morning and were none the worse for wear.
But Christmas wasn't entirely without gifts. Wall Street had $700 billion to play with, our next president talked about an extra trillion dollars or so a year in federal spending (deficit, what deficit?) and hackers blessed the world with a new SQL injection attack.
Apparently, no systems were actually hit and no patch has been released. The news leaked out only because a security researcher let it out, leading experts to rightly criticize the disclosure.
Posted by Doug Barney on January 07, 2009