Add as a preferred source on Google


Barney's Blog

Blog archive

All I Want for Christmas Is a SQL Injection

The holidays were a bit strange this year. The economy was tough, malls were empty, and we in America awaited a new and very different presidential administration.

My own family here in North Central Massachusetts also had an odd time. Due to a massive ice storm and an inept power company, our electricity went out and I had no heat for 15 days. It didn't crank back up 'til the day after Christmas (though many, including the elderly and poor, had it far worse than I did, so no complaints here). My family huddled around a space heater on Christmas morning and were none the worse for wear.

But Christmas wasn't entirely without gifts. Wall Street had $700 billion to play with, our next president talked about an extra trillion dollars or so a year in federal spending (deficit, what deficit?) and hackers blessed the world with a new SQL injection attack.

Apparently, no systems were actually hit and no patch has been released. The news leaked out only because a security researcher let it out, leading experts to rightly criticize the disclosure.

Posted by Doug Barney on January 07, 2009


Featured

  • Microsoft Dismantles RedVDS Cybercrime Marketplace Linked to $40M in Phishing Fraud

    In a coordinated action spanning the United States and the United Kingdom, Microsoft’s Digital Crimes Unit (DCU) and international law enforcement collaborators have taken down RedVDS, a subscription based cybercrime platform tied to an estimated $40 million in fraud losses in the U.S. since March 2025.

  • Sound Wave Illustration

    CrowdStrike's Acquisition of SGNL Aims to Strengthen Identity Security

    CrowdStrike signs definitive agreement to purchase SGNL, an identity security specialist, in a deal valued at about $740 million.

  • Microsoft Acquires Osmos, Automating Data Engineering inside Fabric

    In a strategic move to reduce time-consuming manual data preparation, Microsoft has acquired Seattle-based startup Osmos, specializing in agentic AI for data engineering.

  • Linux Foundation Unites Major Tech Firms to Launch Agentic AI Foundation

    The Linux Foundation today announced the creation of a new collaborative initiative — the Agentic AI Foundation (AAIF) — bringing together major AI and cloud players such as Microsoft, OpenAI, Anthropic and other major tech companies.

Most   Popular