All the latest UK technology news, reviews and analysis

BusinessWeek suffers SQL injection attack

by Shaun Nichols

More from this author

16 Sep 2008

Be the first to comment

  • Tweet this
Hacker
Hackers are increasingly using SQL injection attacks

Business news magazine BusinessWeek has become the latest victim of the rising phenomenon of SQL injection attacks.

Security firm Sophos said that the company had hundreds of pages within its site infected with malicious code.

Further reading

Graham Cluley, senior technology consultant at Sophos, said in a blog posting that the attackers had apparently run the attack through BusinessWeek's online job-hunting application.

SQL injection attacks are performed by entering specially-crafted code into a page's input field which can covertly redirect users to malicious sites. In this case, the code was redirecting users to an attack page hosted in Russia, according to Cluley.

"It is worrying when any site suffers from a malicious SQL injection attack but, when it's also one of the 1,000 busiest websites on the internet, the stakes are even higher," he said.

"The potentially large number of people visiting the site and accessing information to assist their careers may be putting their finances or personal data in jeopardy if they are not properly protected."

The magazine has said that it has removed the offending web application and that no user data was believed to be compromised.

SQL injection attacks have become increasingly popular in the past year. The tactic is often used to compromise online forums and can be scripted automatically to generate hundreds of thousands of infected pages.

Because many of the avenues used in SQL injection attacks are not necessarily known vulnerabilities, but rather the result of poorly configured servers, many hosts may not even be aware that they are vulnerable.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

german flag

Germany backs away from ACTA

Related white papers

Related articles

Related jobs

Today's top stories

heartvalentinesday

Top 10 Valentine's Day technology matches made in heaven

Microsoft Windows 8 start screen

Microsoft talks up Windows 8 for ARM hardware

Security enhancements will be added with the Chrome 17 update

Chrome for Android hands on review

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

Khidr headshot

Intel will prove Steve Jobs wrong in the mobile market

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

Senior Account Manager/IT Account Manager - West London - £38k

Senior Account Manager/IT Account Manager - West London...

Implementation Manager, (Project Manager/Business Analyst)

Implementation Manager, (Project Manager/Business Analyst...

2nd Line Engineer - 6 month initial contact-Up to £20 per hour

2nd Line Engineer - Desktop/Remote - Active Directory...

.NET Developer - MS Gold Partner - Glasgow, Scotland

.NET Developer (VB.NET, VB, dot NET, Desktop, Winforms...

To send to more than one email address, simply separate each address with a comma.