Slashdot Mirror

← Back to Stories (view on slashdot.org)

SQL Injection Turns BusinessWeek Into Viral Replicator

Posted by CmdrTaco on from the glad-it's-not-us dept.

martins writes "The website of popular magazine BusinessWeek has been attacked via SQL injection in an attempt to infect its readership with malware. Hundreds of pages in a section of BusinessWeek's website which offers information about where MBA students might find future employers have been affected."

5 of 116 comments (clear)

  1. Malic or incompetence? by Scutter · · Score: 4, Insightful

    Sophos informed BusinessWeek of the infection last week, although at the time of writing the hackers' scripts are still present and active on their site.

    It's bad enough to have an insecure site, but to ignore the break-in for a week or more is just unconscionable.

    --

    "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
  2. ATTENTION WEB DEVELOPERS by Anonymous Coward · · Score: 5, Insightful

    HAI!

    Just a friendly reminder - your Database Admin will be more than happy to set up multiple users for you with different permissions. For instance, a user with "write" privileges that can be used by the website backend page that the editors use, and a user with "read only" permissions that the public facing web server(s) will use when presenting the page to the public.

    That is all.

    1. Re:ATTENTION WEB DEVELOPERS by Anonymous Coward · · Score: 3, Insightful

      Multiple DB users, proper escaping, you know it's not actually an either-or situation. If the only way you know to set up a database is through phpMyAdmin, then you need help reading the manual.

  3. AND I don't mean ... by BitterOldGUy · · Score: 4, Insightful
    to disparage education. It's just that the days of getting more education to advance in your career, at least in corporate America, are gone. All you need are the basics; which usually is a BS in your field. It's who you know. And even then, if thy're snobs who don't associate with "your kind of people" it doesn't matter either. We're rapidly becoming a downwardly mobile society.

    I'm just ... look at my user name...

  4. Re:MBA students, appropriate. by jellomizer · · Score: 4, Insightful

    To be a good Architect you often need a strong business knowledge. Yea Yea You know how to program you so smart (being that I learned to program at 6 years old) it doesn't take a genius to program. But in reality being able to be a good programmer doesn't mean you can design or create solutions that solve real business problems. I have been in the industry for a long time too. Working as a consulting I was actually the top database developer for multiple companies, including many fortune 500 companies. However I found that creating the code is a piece of cake, however the hard part is trying to understand the business process, then filtering out what is needed and not for the code to run successfully without having to run extra work, as well understand what is happening so in a case the software fails (or hardware) you can come up with a quick workaround solution for the employees until you can get a working version. Business knowledge is a key area. If you are working in a business environment getting Masters in computer science wouldn't be as useful as getting an MBA.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.