Cybersecurity SQL Injection Irony
It’s been a funny week for the SQL Injection Hall-of-Shame. As those who follow the Hall-of-shame know, there’s a pretty steady trickle of new incidents published regarding SQLi. It’s usually a few every month, not as many as are currently going into my new IoT Hall-of-Shame but still very regular.
So I was surprised that this week we have two new entries and they’re both cybersecurity companies. It’s partially funny, partially sad and partially scary.
First up is Staminus. They’re a DDoS protection company and seem to have a very good product. I spend more time on the SwSec and AppSec side of things but the kind of work they do is also important. However when you’re a security company, it’s just funny to people when you get hacked.
In this case Staminus was not only vulnerable to sql injection, but they were also doing other bad cybersecurity practices. In particular they seem to be storing customer credit card data unencrypted. One tenet of security is that you can never stop all attacks. You have to prepare for the inevitable day when someone breaches your system. That’s why it’s important that we have strong encryption, complaints from the FBI notwithstanding.
Following the attack the hackers actually left a funny message. The published a document called Tips when running a security company and detailed all the weaknesses they discovered due to bad security practices. In their defense, security expert Brian Krebs noted that anti-DDoS companies are regular targets for attackers.
Also in the news this week was well-known computer security company Symantec. They have a large share of the enterprise computer security market with their Symantec Endpoint Protection (SEP) product. SEP allows companies to manage the security software for all of their computers from a central management console (SEPM) and this was the tool that has the vulnerabilities.
As it turns out there are two vulnerabilities in SEPM, one is cross-site request forgery and one is SQL injection. While Symantec has called this a routine advisory, it was serious enough for US-CERT to issue an update advisory telling people to patch their SEPM software. US-CERT (United States Computer Emergency Readiness Team) is the government body in the US that keeps track of cybersecurity issues.
Yes, cybersecurity issues can and do happen to everyone. But we can all get at least a bit of a laugh when companies who’s only job is security are the targets. This is especially true when the issues involved are simple and preventable like SQL injection.
Cybersecurity SQL Injection Irony originally appeared on The Code Curmudgeon on March 18, 2016.
The post Cybersecurity SQL Injection Irony appeared first on The Code Curmudgeon.
http://codecurmudgeon.com/wp Twitter: @codecurmudgeon
Source: http://codecurmudgeon.com/wp/2016/03/cybersecurity-sqli-irony/
Anyone can join.
Anyone can contribute.
Anyone can become informed about their world.
"United We Stand" Click Here To Create Your Personal Citizen Journalist Account Today, Be Sure To Invite Your Friends.
Before It’s News® is a community of individuals who report on what’s going on around them, from all around the world. Anyone can join. Anyone can contribute. Anyone can become informed about their world. "United We Stand" Click Here To Create Your Personal Citizen Journalist Account Today, Be Sure To Invite Your Friends.
LION'S MANE PRODUCT
Try Our Lion’s Mane WHOLE MIND Nootropic Blend 60 Capsules
Mushrooms are having a moment. One fabulous fungus in particular, lion’s mane, may help improve memory, depression and anxiety symptoms. They are also an excellent source of nutrients that show promise as a therapy for dementia, and other neurodegenerative diseases. If you’re living with anxiety or depression, you may be curious about all the therapy options out there — including the natural ones.Our Lion’s Mane WHOLE MIND Nootropic Blend has been formulated to utilize the potency of Lion’s mane but also include the benefits of four other Highly Beneficial Mushrooms. Synergistically, they work together to Build your health through improving cognitive function and immunity regardless of your age. Our Nootropic not only improves your Cognitive Function and Activates your Immune System, but it benefits growth of Essential Gut Flora, further enhancing your Vitality.
Our Formula includes: Lion’s Mane Mushrooms which Increase Brain Power through nerve growth, lessen anxiety, reduce depression, and improve concentration. Its an excellent adaptogen, promotes sleep and improves immunity. Shiitake Mushrooms which Fight cancer cells and infectious disease, boost the immune system, promotes brain function, and serves as a source of B vitamins. Maitake Mushrooms which regulate blood sugar levels of diabetics, reduce hypertension and boosts the immune system. Reishi Mushrooms which Fight inflammation, liver disease, fatigue, tumor growth and cancer. They Improve skin disorders and soothes digestive problems, stomach ulcers and leaky gut syndrome. Chaga Mushrooms which have anti-aging effects, boost immune function, improve stamina and athletic performance, even act as a natural aphrodisiac, fighting diabetes and improving liver function. Try Our Lion’s Mane WHOLE MIND Nootropic Blend 60 Capsules Today. Be 100% Satisfied or Receive a Full Money Back Guarantee. Order Yours Today by Following This Link.
| Visits: | 1,708,137,086 |
| Stories: | 8,449,615 |
Whistler Blowers, Insiders
