[nsp-sec] Thoughts on the mass SQL injections
Smith, Donald
Donald.Smith at qwest.com
Mon Jun 23 11:53:24 EDT 2008
The main tool being used uses google to find .asp enabled sites.
http://isc.sans.org/diary.html?storyid=4294
I have used google to find infections. However I have not begun any type
of notification as there are just too many sites.
I suspect your correct about the usefulness of the google results to the
bad guys.
Security through obscurity WORKS against some worms and ssh attacks:)
Donald.Smith at qwest.com giac
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Seth Hall
> Sent: Monday, June 23, 2008 7:48 AM
> To: nsp-security NSP
> Subject: [nsp-sec] Thoughts on the mass SQL injections
>
> ----------- nsp-security Confidential --------
>
> I was doing a search on google for one of the domain names being
> injected to add malicious javascript to web pages and I suddenly
> realized that the combination of these domain names[1] and google
> searches, malicious individuals could easily hunt for verified SQL
> injection vulnerabilities. Based on my attacks against sites on our
> network, I can only imagine how many of these sites have sensitive
> data which is just waiting for someone to come along and take
> advantage of it.
>
> To the Google guys, is anyone there working to remove or hide these
> results from searches? It seems like it could be a boon to the
> internet community at large if these vulnerable sites weren't
> quite so
> easy to find.
>
> .Seth
>
> 1. http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080514
>
> ---
> Seth Hall
> Network Security - Office of the CIO
> The Ohio State University
> Phone: 614-292-9721
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security
> community. Confidentiality is essential for effective
> Internet security counter-measures.
> _______________________________________________
>
>
This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.
More information about the nsp-security
mailing list