Hackers Wipe Clean Database on RIAA WebsiteMalicious attacks have been reportedly targeting the RIAA or Recording Industry Association of America's website intending to overwhelm it with sustained requests and eventually deleting its stored data. According to officials at the RIAA, the association used a flawed content management system that was without a patch. The attackers injected an SQL to RIAA website that made it vulnerable. An SQL attack is the simplest type of website attack which neither require special tools nor a great amount of knowledge. The flaw allowed a massive number of MD5 hash derivations that became workable through MySQL. An attack with SQL injection succeeds when any unskilled programmer transfers variable for a URL directly into an invalidated query. The method exploits security holes in the layered database of software. The first attack occurred on Sunday January 20, 2008 through an SQL injection from a hyperlink provided on Reddit.com, a content aggregation site used for social network news, which triggered an SQL query on the database of RIAA. Another attack, which used a simple form of SQL injection, deleted the entire database from the website of RIAA. The current sequence of attacks indicates that the unauthorized intruder didn't think of attempting a condition of denial of service. Hence, the hacker again launched his attack by readjusting the code of the SQL injection to remove the tables holding the content of the site. According to weblog, torrentfreak, Reddit used the username that apparently was set up as "webReadOnly". It possibly wasn't correct, as attackers were able to find methods to erase the site content. Following the hijack of the website, the hacker wiped it clean by attaching a command for delete into the SQL injection assault. The attack appeared less harmful and more symbolic since the Recording Industry Association of America started to heavily impose IP protection. RIAA officials believed that the high-profile lawsuits it filed against file sharers was partly responsible for making the Association a key target for hackers. Moreover, its rudimentary security solutions appeared especially ineffective even though, like it happens with majority of such cases, there had actually been little damage. Related article: Hackers Redirect Windows Live Search to Malicious Sites ยป SPAMfighter News - 2/4/2008 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
