Slashdot Mirror

← Back to Stories (view on slashdot.org)

SQL Injection Turns BusinessWeek Into Viral Replicator

Posted by CmdrTaco on Monday September 15, 2008 @01:33AM from the glad-it's-not-us dept.

martins writes "The website of popular magazine BusinessWeek has been attacked via SQL injection in an attempt to infect its readership with malware. Hundreds of pages in a section of BusinessWeek's website which offers information about where MBA students might find future employers have been affected."

1 of 116 comments (clear)

Min score:

Reason:

Sort:

Re:Malic or incompetence? by ednopantz · 2008-09-15 04:43 · Score: 5, Interesting

They just don't teach anything about security in schools. We interviewed an intern candidate this spring and asked her how one would avoid a SQL injection attack.
Her response: "Don't use Microsoft products."
Swing and a miss!
The candidate's sample code had a big 'ol SQL injection vulnerability. Yet the instructor raved over his project.